Home » Data Privacy

DATA PRIVACY

Data privacy

GENERAL DATA PROTECTION NOTICE

🇫🇷 Version française: Notice d’information générale sur la protection des données
🇩🇪 Deutsche Fassung: Allgemeiner Datenschutzhinweis

Version last updated on January 24th, 2022

LIH, 1A-B rue Thomas Edison L-1445 Strassen, Luxembourg (“we”) is committed to the protection of your personal data in accordance with data protection legislation, especially the General Data Protection Regulation EU 2016/679 (the “GDPR”).

This Data Protection Notice is directed to users or visitors of our website (the “Site”), and to individuals who contact us by any means or provide services to us (together “You”). It provides You with detailed information relating to the protection of your personal data by us.

Data Protection
Officer

The Data Protection Office ensures LIH compliance with national and international data protection regulations.

Find out more on the dedicated web page:

1. Who is the controller of your personal data?

LIH, 1A-B rue Thomas Edison L-1445 Strassen is responsible as a data controller, for collecting and processing your personal data in relation to our activities. The purpose of this Data Protection Notice is to inform You about which personal data we collect, the reasons why we use and share such data, how long we keep it, what rights You have and how You can exercise them.

Where necessary, further information may be provided when You are in contact with us for a specific activity.

2. what personal data do we process?

We collect and use your personal data to the extent necessary in relation to our activities.

We may collect various types of personal data about You, including:

The data collected on our Site stem exclusively from the voluntary registering of your personal data (for example by contacting us through our online contact forms, by subscribing to our newsletter, by applying to one of our job offers, or by registering to an event).

With the exception of the information indicated above and in the cookies settings (Manage consent, according to your preferences), we do not collect, via freely accessible pages on this Site, personal data other than those listed above and those voluntarily entered by You, using the online forms provided for that purpose, most notably to contact us.

If You wish to learn more about cookies, please click here.

3. what are the purposes of and the legal basis for our processing?

We collect and use your personal data for the following purposes:

We collect your personal data on the following basis:

4. Who do we share your personal data with? 

In order to fulfil the aforementioned purposes, we may communicate your personal data to:

In particular, we would like to inform You that this Site uses cookies that are linked to a web analytics service called “Google Analytics”, therefore, if You accept such cookies, your data will be accessed and processed by Google LLC (USA). You can find additional information about the processing of your data in the context of LIH’s use of Google Analytics.

We may also receive requests from third parties with authority to access your personal data. We will only respond to such requests where we are permitted to do so in accordance with applicable laws and regulations.

We require all third parties to respect the security of your personal data and to process it in accordance with the law.

5. Where do we transfer your personal data? 

We may use third party providers to deliver our services and this may involve transfers of your personal data to countries outside of the European Union/European Economic Area (EU/EEA). In case of international transfers originating from the EU/EEA to a country outside the EU/EEA, the transfer of your personal data may occur where the European Commission has decided that the country outside the EU/EEA ensures an adequate level of data protection.

For transfers to countries outside the EU/EEA for which the level of protection has not been recognised as adequate by the European Commission, we will either implement appropriate safeguards provided for by current data protection law (e.g. the entry into standard data protection clauses) or rely on a derogation applicable to specific situations (such as your explicit consent).
You can obtain more information regarding relevant safeguards we rely on by contacting our Data Protection Officer.

6. Security of your personal data. 

The processing of your personal data is carried out through IT, electronic and manual tools, with logics strictly related to the aforementioned purposes and, in any event, in compliance with the appropriate technical and organisational measures required by law to ensure a level of security that is adequate to the risk, in order to avoid unauthorised loss or access to your data.

7. How long do we keep your personal data? 

We will retain your personal data for: (i) as long as necessary to fulfil the purposes we collected it for, (ii) the period defined by our operational requirements (such as facilitating our relationship management with You) and (iii) for the time necessary for compliance with our legal obligations.

8. What are your rights regarding your personal data? 

In accordance with applicable data protection law, you may exercise at any time the following rights in relation to your personal data:

If You have provided your consent to the processing of your personal data, You can withdraw such consent at any time.

To exercise any of these rights, You may contact our Data Protection Officer by email or by postal mail: 

Luxembourg Institute of Health 
Data Protection Officer 
1A-B rue Thomas Edison  
L-1445 Strassen 

You have the right to lodge a formal complaint with the Commission nationale pour la protection des données (CNPD). Full details may be accessed on the complaints section of CNPD’s website.

Changes to this Data Protection Notice 

Changes may occur in the way we process personal data. In case these changes oblige us to update this Data Protection Notice, we will clearly communicate it to You, either via our Site or via other appropriate means. The latest applicable version will always be available on our Site

Data Protection Notice for patients and study participants 

🇫🇷 Version française: Notice d’information sur la protection des données pour les patients et les participants à l’étude
🇩🇪 Deutsche Fassung: Datenschutzhinweis für patienten und studienteilnehmer

Version last updated on 27 May 2019. 

Luxembourg Institute of Health (LIH), 1A-B rue Thomas Edison L-1445 Strassen , Luxembourg (‘we’) is a public health research institute. We aim to generate knowledge on disease mechanisms and contribute to the development of news diagnostics, preventive strategies, innovative therapies and clinical applications that impact the healthcare of individuals. 

We are committed to compliance with laws and regulations that govern the conduct of health research. This includes the General Data Protection Regulation EU 2016/679 (the ‘GDPR’) and any other applicable EU or local legislation or regulation implementing GDPR (notably the Luxembourg law of 1 August 2018 on the organisation of the National Commission for Data Protection and the implementation of the GDPR), as well as their successor texts (together ‘Data protection legislation’). 

As a public research institute under the law of 3 December 2014 on the organisation of public research centers, we conduct research in the public interest and make sure our research serves the interests of society as a whole. Some of our research may be conducted in collaboration with commercial organisations and funders. In any case, our research follows Luxembourg laws and regulations applicable to research. 

This Data Protection Notice is directed to patients and participants in our scientific research, studies or projects (‘you’). It provides you with detailed information relating to the protection of your personal data by us. 

Further information may be provided when necessary when you are in contact with us for a specific research activity. 

1. Who is the controller of your personal data? 

Luxembourg Institute of Health (LIH), 1A-B rue Thomas Edison L-1445 Strassen is responsible as a data controller , for collecting and processing your personal data in relation to your participation in our scientific research, studies or projects. The purpose of this Data Protection Notice is to inform you on which personal data we collect, the reasons why we use and share such data, how long we keep it, what rights you have and how you can exercise them. 

2. What personal data do we process? 

We collect and use your personal data to the extent necessary to achieve the research objectives of our projects you are participating in. 

We may notably collect the following types of personal data in relation to specific research projects: 

We collect information about you (i) directly from you, or (ii) indirectly from your medical records or from databases (e.g. data concerning healthcare provided to you and held by social security authorities) and/or biological samples collections constituted in accordance with applicable laws. 

Where we need to collect other categories of data about you in a specific research, study or project, we will inform you of this by appropriate means. 

3. What are the purposes of and the legal bases for our processing? 

We collect and use your personal data for the following purposes: 

Data protection legislation requires from us to have a valid legal reason (‘legal basis’) to process and use personal data about you. In the context of research, we collect your personal data on the following legal bases: 

Where we also collect and use sensitive personal data (health, genetic …) we only do so where: 

Where we need to rely on a different legal basis, we will inform you of this by appropriate means

4. Who do we share your personal data with? 

Depending on the nature and scope of our research activities, your personal data may be shared with the following recipients : 

We may access or share your data in a way that we can identify you as a research, study or project participant. However most personal data used in our research is coded or pseudonymised before sharing or publishing the research outcomes. 

When we are working with other organisations and information is shared with them, we will inform you by appropriate means. 

We may communicate your personal data to: 

We require all third parties to respect the security of your personal data and to process it in accordance with applicable laws and regulations. 

5. Where do we transfer your personal data? 

Our activities may involve transfers of your personal data to countries outside of the European Union/European Economic Area (EU/EEA). In this case, the transfer of your personal data may occur where the European Commission has decided that the country outside the EU/EEA ensures an adequate level of data protection. 

For transfers to countries outside the EU/EEA for which the level of protection has not been recognised as adequate by the European Commission, we will either implement appropriate safeguards provided for by data protection legislation (e.g. the entry into standard data protection clauses) or rely on a derogation applicable to specific situations (such as your explicit consent). 

You can obtain more information regarding relevant safeguards we rely on by contacting our Data Protection Officer.

6. Security of your personal data 

The processing of your personal data is carried out through IT, electronic and manual tools, with logics strictly related to the aforementioned purposes and, in any event, in compliance with the appropriate technical and organisational measures required by law to ensure a level of security that is adequate to the risk, in order to avoid unauthorised loss or access to your data. 

In order to protect your rights and the confidentiality of your personal data, and especially when processing sensitive data (e.g. health, genetic…) for scientific research purposes, we must have suitable and specific safeguards in place to help protect your personal data. Our researchers are notably asked to implement anonymization or pseudonymisation (e.g. remove identifiers such as your name and replace this with a unique code or key) wherever feasible and at the earliest opportunity. 

7. How long do we keep your personal data? 

We will retain your personal data as long as necessary to fulfil the purposes we collected it for and for the time necessary for compliance with our legal obligations. The time periods for which we retain your personal data depends on the type of data and the purposes for which we use it. 

In accordance with the data minimisation principle, we ask our researchers to anonymise, pseudonymise or delete personal data collected as part of their research at the earliest opportunity. Thus, data where you can be identified will usually be kept for a minimum amount of time and in accordance with our research objectives. We may, however, retain personal data and documents (e.g. consent forms) for a time period following the completion of our research, study or project, as this is sometimes a legal or regulatory requirement or a requirement of our funders. 

Some of our research projects or public health expertise missions may require that we process data where you can be identified, as it is necessary for achieving the outcome of the research. For such projects, we store your personal data as part of the research for the duration of the project and for a defined period after the project has ended. This is usually defined by applicable laws and regulations. 

We will inform you by appropriate means (e.g. participant information sheet) with regards to how long your personal data will be kept for in specific research projects. 

8. What are your rights regarding your personal data? 

In accordance with data protection legislation, you may exercise at any time individual rights in relation to your personal data: 

Please note that the extent to which these rights apply to research will vary and that in some circumstances rights may be restricted. It should also be noted that we can only implement your rights during the period upon which we hold personal data about you. Once the data we hold about you has been irreversibly anonymised and becomes part of a research data set it will not be possible to access your personal data. 

If you have provided your consent to the processing of your personal data, you can withdraw such consent at any time and this will not adversely affect your medical care. 

To exercise any of these rights, you may contact our Data Protection Officer by email or by postal mail: 

Luxembourg Institute of Health (LIH)  
Data Protection Officer  
1A-B rue Thomas Edison 
L-1445 Strassen 

You have the right to lodge a formal complaint with the Commission nationale pour la protection des données (CNPD). Full details may be accessed on the complaints section of CNPD’s website (https://cnpd.public.lu). 

9. Changes to this data protection notice 

Changes may occur in the way we process your personal data. In case these changes oblige us to update this Data Protection Notice, we will clearly communicate it to you, either via our website or via other appropriate means. The latest applicable version of this Data Protection Notice will always be available on our website. 

10. Glossary 

Anonymisation means the irreversible process of rendering personal data anonymous in such a manner that the data subject is not or is no longer identifiable; 

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; 

Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; 

Genetic data means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question; 

Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status; 

Data protection legislation means the General Data Protection Regulation EU 2016/679 (the ‘GDPR’) and any other applicable EU or local legislation or regulation implementing GDPR (notably the Luxembourg law of 1 August 2018 on the organisation of the National Commission for Data Protection and the implementation of the GDPR), as well as their successor texts; 

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (as defined by GDPR); 

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed; 

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction 

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; 

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person; 

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; 

Sensitive personal data or special categories of data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation; 

Third party means natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. 

Data Protection Notice for recruitment 

🇫🇷 Version française: Notice d’information sur la protection des données en matière de recrutement
🇩🇪 Deutsche Fassung: Datenschutzhinweis für das bewerbungsverfahren

Version last updated on 31 July 2019. 

Luxembourg Institute of Health (LIH), 1A-B rue Thomas Edison L-1445 Strassen, Luxembourg and the Integrated BioBank of Luxembourg (IBBL), 1 rue Louis Rech L-3555 Dudelange, Luxembourg (“we”) are committed to the protection of your personal data in accordance with data protection legislation, especially the General Data Protection Regulation EU 2016/679 (the “GDPR”). 

This Data Protection Notice for recruitment is directed to candidates who apply for a job at LIH and IBBL (“you”). It provides you with detailed information relating to the way we protect your personal data. 

1. Who is the controller of your personal data? 

Luxembourg Institute of Health (LIH), 1A-B rue Thomas Edison L-1445 Strassen is responsible as a data controller, for collecting and processing your personal data in relation to your application for a position at LIH/IBBL and our recruitment process. The purpose of this Data Protection Notice for recruitment is to inform you on which personal data we collect, the reasons why we use and share such data, how long we keep it, what rights you have and how you can exercise them. 

2. What personal data do we process? 

We collect and use your personal data to the extent necessary in relation to our recruitment process and to ensure that your application can be considered by the relevant LIH or IBBL department(s). 

We may collect various types of personal data that you decide to or are requested to submit in relation to your application for a particular job position, including: 

If you decide to attach reference letters to your job application, it is your responsibility to obtain consent from referees and inform them of the purposes for which their personal data may be processed (based on this Data protection notice for recruitment) before providing their personal data to us. We will not contact directly your referees, unless you explicitly consent to such approach. 

We do not require from job applicants to include any special categories of data (racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning sex life or sexual orientation) or any judicial data (e.g. criminal records) as part of the job application documentation. Please do not include such sensitive data in your job application

We may also collect information about you from publicly accessible sources, such as LinkedIn, etc., where we collect your full name, email, work history, and other data included on your profile. You can choose what types of information to submit as part of your job application. Normally, the following categories of data would be strictly necessary, so we can consider your job application for the particular position: your identification data, your job application data, pre-employment checks and identification of the job and personal requirements. 

In certain cases, a LIH or IBBL job advertisement may specify additional categories of personal data required for a specific position. If so, provision of such information would be also treated as mandatory (please check the job advertisement again). 

Submitting of any other information would be dependent entirely on you and would be treated as voluntary. 

Note, that in case of your selection for the job position you have applied for, the above categories of personal data will further form part of your employment file with LIH or IBBL (more information will be provided to you upon the start of your employment). 

3. What are the purposes of and the legal basis for our processing? 

We collect and use your personal data for the following purposes: 

We collect your personal data on the following basis: 

4. Who do we share your personal data with? 

In order to fulfil the aforementioned purposes, your personal data may be shared internally for the purposes of the recruitment process with members of the LIH Human Resources department, interviewers involved in the recruitment process, managers in the business area with a vacancy if access to the data is necessary for the performance of their roles. LIH Human Resources will have access to your personal data for the purposes listed above. We may communicate your personal data to: 

We may also receive requests from third parties with authority to obtain disclosure of personal data. We will only respond to such requests where we are permitted to do so in accordance with applicable laws and regulations. 

We require all third parties to respect the security of your personal data and to process it in accordance with the law. 

5. Where do we transfer your personal data? 

We may use third party providers to deliver our services and this may involve transfers of your personal data to countries outside of the European Union/European Economic Area (EU/EEA). In case of international transfers originating from the EU/EEA to a country outside the EU/EEA, the transfer of your personal data may occur where the European Commission has decided that the country outside the EU/EEA ensures an adequate level of data protection. 

For transfers to countries outside the EU/EEA for which the level of protection has not been recognised as adequate by the European Commission, we will either implement appropriate safeguards provided for by current data protection law (e.g. the entry into standard data protection clauses) or rely on a derogation applicable to specific situations (such as your explicit consent). 

You can obtain more information regarding relevant safeguards we rely on by contacting our Data Protection Officer.

6. Security of your personal data. 

The processing of your personal data is carried out through IT, electronic and manual tools, with logics strictly related to the aforementioned purposes and, in any event, in compliance with the appropriate technical and organisational measures required by law to ensure a level of security that is adequate to the risk, in order to avoid unauthorised loss or access to your data. 

7. How long do we keep your personal data? 

If your job application is unsuccessful, we will retain your personal data 2 years maximum after the end of the relevant recruitment process (for consideration for future employment opportunities). At the end of that period, or once you oppose to your personal data being processed, your personal data will be deleted or destroyed. 

Note that in case you are selected for the job position you applied for, the above categories of personal data will continue being processed as part of your employment file with LIH or IBBL (more information will be provided to you upon the start of your employment). 

8. What are you rights regarding your personal data? 

In accordance with applicable data protection law, you may exercise at any time, in respect of us, the following rights in relation to your personal data: 

To exercise any of these rights, you may contact our Data Protection Officer by email or by postal mail: 

Luxembourg Institute of Health (LIH) 
Data Protection Officer 1A-B rue Thomas Edison L-1445 Strassen 

You have the right to lodge a formal complaint with the Commission nationale pour la protection des données (CNPD). Full details may be accessed on the complaints section of CNPD’s website

9. Changes to this data protection notice for recruitment. 

Changes may occur in the way we process personal data. In case these changes oblige us to update this Data Protection Notice for recruitment, we will clearly communicate it to you, either via our Site or via other appropriate means. The latest applicable version will always be available on our Site. 

Data Protection Notice for donation 

🇫🇷 Version française: Information relative au traitement de vos données personnelles dans le cadre de votre don effectué auprès du Luxembourg Institute of Health (LIH)

Version last updated on 10 June 2021. 

The Luxembourg Institute of Health (LIH) thanks you for your generous donation to its research activities. In the context of your donation, you have provided us with some of your personal data. We attach great importance to the protection of your data, which is why it is important for us to inform you about the use that the LIH makes of it and about the rights you have. 

1. Purposes and legal basis of processing 

The LIH, as the Data Controller for the management of your donation, processes your personal data for the following purposes 

2. Data processed 

The data we collect for these different purposes are your name, first name, address, the amount of your donation and your bank details (the latter are only processed by our finance department for the management of your donation). 

3. Who has access to your data? 

Your data will not be shared with any third party other than the one that motivated your donation and will only be used for the above purposes. 

4. How long your data will be kept 

The data collected will not be kept beyond the time necessary to achieve the above purposes and to comply with our legal obligations in tax and accounting matters (up to a maximum of 10 years from the end of the year following receipt of your donation). 

5. Your rights 

In accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), you have the right to access and rectify your personal data. In some cases (depending on the conditions set by law), you have a right to object to the way your data is used (in particular if you do not want LIH to transfer on your details to the third party that prompted your donation or if you do not wish to be contacted again), the right to request the deletion of your data, the right to request the restriction of certain aspects of the processing of your data, and finally, the right to retrieve your data with a view to transferring it on to a third party (right to portability). If you wish to exercise your rights, you can contact the LIH Data Protection Officer.

Finally, you have the right to lodge a complaint with the National Commission for Data Protection (CNPD) regarding the processing of your personal data. 

If you have any queries regarding the processing of your personal data by the LIH, you can contact the LIH’s Data Protection Officer by e-mail or by post at the address: LUXEMBOURG INSTITUTE OF HEALTH – Data Protection – 1A-B, rue Thomas Edison – L-1445 Strassen – LUXEMBOURG.

Data Protection Notice: Processing of personal data in the scope of Events’ Management

🇫🇷 Version française: Notice de Protection des Données : Traitement des données à caractère personnel dans le cadre de la gestion d’événements
🇩🇪 Deutsche Fassung: Datenschutzerklärung: Verarbeitung personenbezogener Daten im Rahmen des Veranstaltungsmanagements

Version last updated on February 22nd, 2022

Luxembourg Institute of Health (LIH), 1A-B rue Thomas Edison L-1445 Strassen, Luxembourg (“we”) values your privacy. We collect and process personal data about speakers, visitors and other attendants (“you”) to events or seminars organized by us.

We are committed to compliance with the General Data Protection Regulation EU 2016/679 (GDPR) and any other applicable EU or local legislation or regulation implementing GDPR (notably the Luxembourg law of 1 August 2018 on the organisation of the National Commission for Data Protection and the implementation of the GDPR), as well as their successor texts (together “data protection legislation”).

This Data Protection Notice describes how we collect or otherwise process personal data as a data controller in relation to your attendance at events organised by LIH (the “Event” or “Events”) the reasons why we use and share such data, how long we keep it, what rights you have and how you can exercise them.

1.     What personal data do we process?

We collect and use your personal data to the extent necessary to organise and manage the Event.

If you are a guest speaker (“Guest Speaker”) in the Event, we will process the following types of personal data:

We may also process additional data that the Guest Speakers provide us in connection with their presentation at the Event, namely, photo, academic and professional background, or materials (such as presentations). These details may be published in the Event agenda and/or other communication materials both before or after the Event took place.

If you are a participant in the Event (“Participant”), we will process the following types of personal data:

2.     What are the purposes of and the legal bases for our processing?

We collect and use your personal data for the following purposes:

Data protection legislation requires from us to have a valid legal reason (legal basis) to process and use personal data about you. In the context of events management, we collect your personal data on the following legal bases:

3.     Who do we share your personal data with?

Your personal data will be collected and processed primarily by our members of staff who have a legitimate need to process it for purposes set out above (our communication department and/or our scientific team(s) in charge of a specific event).

We may also communicate your personal data to certain:

Where necessary, your personal data may also be shared with law enforcement or other government and regulatory bodies or agencies, upon request and to the extent permitted by law.

With your consent, photos taken or videos recorded during events we organize may be published, in paper or electronic format, including on the internet (notably press releases, national and international newspapers and magazines, our website and social media such as LinkedIn).  

4.     Where do we transfer your personal data?

Your personal data are processed by us within the European Union and no transfer of your personal data occurs outside of the European Union/European Economic Area (EU/EEA).

If our activities involve the transfer your personal data to countries outside of the European Union/European Economic Area (EU/EEA), the transfer of your personal data may occur where the European Commission has decided that the country outside the EU/EEA ensures an adequate level of data protection.

For transfers to countries outside the EU/EEA for which the level of protection has not been recognised as adequate by the European Commission, we will either implement appropriate safeguards provided for by data protection legislation (usually the entry into standard data protection clauses) or rely on a derogation applicable to specific situations (such as your explicit consent).

You can obtain more information regarding relevant safeguards we rely on by contacting us by email.

5.     Security of your personal data.

The processing of your personal data is carried out through IT, electronic and manual tools, with logics strictly related to the aforementioned purposes and, in any event, in compliance with the appropriate technical and organisational measures required by law to ensure a level of security that is adequate to the risk, in order to avoid unauthorised loss or access to your data.

6.     How long do we keep your personal data?

We retain your personal data as long as necessary to manage the Event and for a period of time thereafter to inform you about our future events (unless you oppose to it), to keep a record of your participation as a speaker or attendee, to analyse data in relation to our events for LIH’s own operations and to comply with our legal obligations (up to a maximum of 10 years).

7.     What are your rights regarding your personal data?

In accordance with data protection legislation, you may exercise at any time individual rights in relation to your personal data:

in certain limited cases (in which case we will analyse whether the conditions for the exercise of such rights are fulfilled):

Please note that the extent to which these rights apply will vary and that in some circumstances rights may be restricted.

If you have provided your consent to the processing of your personal data, you can withdraw such consent at any time.

In case you do not wish your image to be captured or published, please inform us before the event by contacting our Data Protection Officer or by approaching one of our event organisers during the event.

To exercise any of these rights, you may contact our Data Protection Officer by email or by postal mail:

Luxembourg Institute of Health (LIH)

Data Protection Officer
1A-B rue Thomas Edison
L-1445 Strassen

You have the right to lodge a formal complaint with the Commission nationale pour la protection des données (CNPD). Full details may be accessed on the complaints section of CNPD’s website.

8.     Changes to this data protection notice

Changes may occur in the way we process your personal data. In case these changes oblige us to update this Data Protection Notice in relation to events management, we will clearly communicate it to you, either via our website or via other appropriate means.