Privacy Notice

Version: 15 Nov 2024

PRIVACY NOTICE - Information for users of the Identifier-matching and Pseudonym Management Service (IPMS), or Pseudonymisation Service for short, on the processing of personal data by LNDS.

Pursuant to the General Data Protection Regulation (GDPR) - Regulation EU 2016/679 of the European Parliament and Council of 27 April 2016, on the protection of personal data and on the free movement of such data, please find information regarding the processing of personal data by the Pseudonymisation Service by LNDS.

PNED G.I.E., branded as Luxembourg National Data Service (or LNDS), having its registered office in Esch-sur-Alzette, 6, Av. des Hauts-Fourneaux, 4362, will process the personal data of users of the LNDS Pseudonymisation Service.

1. Identity and Contacts of the Data Controller

LNDS acts as data controller (“Controller”) of personal data while processing personal data of applicants and users of the Pseudonymisation Service for application, log in and authentication purposes.

Individuals whose personal data LNDS collects, processes and stores while using the Pseudonymisation Service can reach LNDS, the Controller, at its premises as indicated above, or via email at the following address: dpo@lnds.lu regarding their personal data related questions and concerns, or when they wish to exercise their rights (as briefly described in paragraph 7 below).

2. Categories of Processed Data, Lawfulness and Purposes of the Processing

2.1 The Controller shall collect and process users' personal data in the registration process, such as:

  • First name and last name
  • Email address
  • Name of your organisation
  • IP address
  • Password, authentication and/or third-party credentials

In order to maintain the process, LNDS shall collect and process the following personal data related to the user’s activities in the service:

  • a) Logging into the platform
  • b) Activity log (i.e., some metadata and logs automatically generated by your activities on our platform).

2.2 Cookies

LNDS relies on essential first party cookies, which are considered strictly necessary, to ensure the proper functioning of its Pseudonymisation Service. These cookies will record your session interaction and are deleted as soon as the session ends.

| Cookie | Description | Duration |
| --- | --- | --- |
| next-auth.callback-url | Stores the callback url for the user | Session |
| next-auth.csrf-token | Stores the session token for the user | Session |

All cookies are deleted after the session ends.

2.3 The processing is carried out for the following purposes:

  • a) Name, Username, email address, and password/third party social-auth credentials are strictly necessary for the authentication of the user and the functioning of the platform.
  • b) Activity logs allow LNDS to understand the activity within the Service platform.

2.4 LNDS processes the data based on the following legal grounds:

When LNDS acts as a Data Controller – in the authentication processes for users to have access to the Pseudonymisation Service, LNDS processes data on the basis of the following legal grounds:

a) Legitimate interests: personal data collected by LNDS with the purpose of allowing users to authenticate themselves and use the Pseudonymisation Service (as agreed in the Data Processing Agreement with the respective Data Controller).

3. Processing Modalities

LNDS implements robust technical safeguards and employs stringent organisational protocols to ensure the confidentiality, integrity, and availability of personal data. These safeguards include the following: user authentication upon platform login, secure storage of the data on LNDS servers without third-party involvement and staff training on data protection practices.

4. Data Recipients

All personal data collected on the platform will remain confidential and will not be disclosed to third parties, except where LNDS is mandatorily required to do so by law enforcement or a judicial authority.

5. Transfer of Data Abroad

LNDS does not transfer any personal data abroad. In the event of any modifications regarding international transfers, LNDS pledges to promptly notify data subjects and uphold the processing of their personal data in strict compliance with the provisions described in Chapter V of the GDPR.

6. Data Retention

Personal data related to your profile and account, such as name, email, organisation, and password, will be kept by LNDS unless you delete your profile on the platform or ask us to do it for you.

Personal data, such as logs and similar metadata, collected to ensure the platform’s security is retained for 12 months.

Personal data collected via cookies will be deleted at the end of a user’s log-in session.

7. Rights of the Data Subject

The data subject is entitled to request at any time from the LNDS data protection officer (DPO) confirmation of their personal data being processed and access to it. In case the data subject has provided their consent to the processing of personal data, they can request to withdraw consent at any time.

The data subject is entitled to the rectification, or when provided, erasure of data and the limitation of or objection to the processing, with legitimate reasons. The data subject is also entitled to exercise the right to the portability of the related data which has been the object of automated processing, in case the relationship between the data subject and LNDS is regulated by a contract or an agreement.

Any of the above rights of the user can be exercised by reaching the LNDS data protection officer (DPO) by e-mail: dpo@lnds.lu, or directly through the user account settings by clicking on the button “delete my account,” in the section “delete my account.”

In your capacity as data subject, you are entitled to lodge a complaint to the Supervisory Authority for the Protection of personal data: the Commission Nationale pour la Protection des Données https://cnpd.public.lu/fr.html