Protection of personal data

Data is processed in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR") and the Law of 1 August 2018 on the organisation of the National Commission for Data Protection and the general data protection framework (referred to together hereinafter as the "Laws on the protection of personal data").

What are the different categories of personal data that may be processed ?

Depending on the purpose of the processing, different categories of personal data ("Personal Data") on the users of the services offered by the INFPC (in the case of users which are legal entities, the data processed concerns their leaders, HR directors, training managers and representatives) and the different publics concerned by such services (the "Persons Concerned") may be collected, stored and used by the INFPC. Personal Data includes in particular the following:

• personal identification data: first name, family name, gender, age, photo, national identification number;
• professional data: business address, function;
• electronic identification data: e-mail address, user name, password;
• data in connection with use of the infpc.lu and lifelong-learning.lu websites (website visited, connection times, source/reference, IP addresses) and data in connection with the Formanews newsletter (main areas of interest);
• data relating to training and qualifications: qualification sought, qualification obtained.

Who is responsible for processing (the Controller)? 

The INFPC, a public establishment that is the national Institute for the development of continuing vocational training, is responsible for processing the Personal Data processed in the context of the purposes and activities described in this Policy.

What purposes is Personal Data used for?

The INFPC collects and processes Personal Data for the following purposes:

• to respond to requests for information from users of the lifelong-learning.lu website and the Infoligne service (hotline managed by the INFPC dealing with all questions on lifelong learning);
• to manage registrations and requests for information on the training courses presented on the lifelong-learning.lu website by the platform's member training bodies;
• to circulate the Formanews newsletter to subscribers and manage their preferences;
• to send documents and other information to training providers and hirers of training rooms, that are members of the lifelong-learning.lu platform, in the context of their contractual relations with the INFPC;
• to post the CVs of trainers who have accepted the general conditions for using the "Trainer CV" service offered by the INFPC, accessed via the lifelong-learning.lu platform;
• to send out INFPC publications containing information on lifelong training and statistics compiled by the Training Observatory. The aim of these publications is to inform the publics concerned and to promote lifelong learning;
• to send out invitations in connection with events organised by the INFPC or its institutional partners;
• to improve user experience on the infpc.lu and lifelong-learning.lu websites and maintain visitor statistics (cookies);
• on behalf of the Ministry of Education, Children and Youth, to process requests for the co-funding of continuing vocational training received from companies.

Processing is based on Article 6 of the GDPR, which specifies that processing is lawful if:

• it is necessary for the performance of a contract (Art. 6(1)b of the GDPR) (with the aim of entering into a contract with users and providing them with the services they require);
• it is necessary for compliance with a legal obligation to which the Controller is subject (Art. 6(1)c of the GDPR);
• it is necessary for the performance of a task carried out in the public interest (Art. 6(1)e of the GDPR).

Special processing in connection with measuring hits and improving the user experience

With a view to optimising your user experience, monitoring use of its websites and improving them, the INFPC uses the following tools: Google Analytics, YouTube and Google Maps. You may consult Google's rules on confidentiality if you require further information.

When you visit infpc.lu and lifelong-learning.lu, you will be informed which cookies are necessary for browsing and allow audience statistics to be compiled.

You can change your cookie settings at any time, in your browser.

Presence on social media

The INFPC is present on various social media: Facebook, Twitter and LinkedIn.

For information on the policies on the use and processing of Personal Data these platforms apply, please consult the following dedicated pages: Facebook, Twitter, LinkedIn.

Special processing connected with registrations for events organised by the INFPC

Requests for information and registrations for training courses are forwarded to the training provider concerned, which will reply to you. Training providers undertake to process the data forwarded to them in accordance with the Laws on the protection of personal data.

The INFPC uses JotForm to manage registrations for its events. For more information on this, you may consult JotForm's confidentiality policy.

Is Personal Data passed on to third parties? 

In order to provide the services required by the Persons Concerned and carry out the tasks entrusted to it, the INFPC may need to forward Personal Data to third parties in the context of:

• sub-contracting the despatch of publications or invitations to events for the INFPC or its institutional partners;
• a request for information or registration for a training course posted on the lifelong-learning.lu website. The data is passed on to the training body concerned so that it may reply to the request or confirm the registration;
• technical sub-contracting, as for instance to IT service providers (website host, supplier of accounting software or contacts database management systems, etc.);
• the examination of requests for co-funding continuing vocational training. Data is sent to the Ministry of Education, Children and Youth in order to reply to companies requesting State funding aid for training.

Within the meaning of the Laws on the protection of personal data, these service providers are recipients of Personal Data ("Recipients"). It is possible for Recipients, under their own responsibility, to entrust the processing of the said Personal Data to their own agents or their own service providers ("Secondary Recipients") which then process the data solely in order to assist the Recipients in providing their services to the INFPC and/or assisting the Recipients in the context of compliance with their statutory obligations.

Where are the Recipients and/or the Secondary Recipients of Personal Data located ?

Personal Data may be disclosed to Recipients and/or Secondary Recipients located in a country inside or outside the European Economic Area (EEA).

If Personal Data is disclosed to Recipients and/or Secondary Recipients outside the EEE that do not offer a satisfactory level of protection for the personal data, data is communicated to them on the basis of standard contractual clauses approved by the European Commission.

Any Person Concerned has the right to request a copy of these standard contractual clauses by contacting the INFPC by e-mail or letter at the following addresses:

• dpo@infpc.lu
• INFPC
  Institut national pour le développement de la formation professionnelle continue
  À l'attention du Délégué à la protection des données (DPO)
  Immeuble CUBUS C2
  2, rue Peternelchen
  L-2370 Howald

Recipients and Secondary Recipients process Personal Data in their capacity as processors (when they are acting on instructions from the INFPC), or as separate Controllers (when they process the Personal Data for their own purposes, i.e. for their own requirements and in compliance with their own statutory obligations). Personal Data may also be forwarded to the Administration and public authorities, including the tax authorities, in compliance with the applicable laws and regulations.

Where does the Personal Data that is processed come from ?

The Personal Data that is processed is collected directly from users when they request information, register for a training course or event, or in the context of a contractual relationship.

They also come from people representing businesses and companies (managers, human resource departments, training officers, etc.).

How long is Personal Data kept for?

Personal Data is kept until the purpose for which is was collected has been achieved. This means that it is kept as long as necessary for achieving the purposes for which it is processed, subject to the statutory limits applicable.

It may also be deleted at the request of the Person Concerned or if the Person unsubscribes, in accordance with the section below on the rights of Persons Concerned.

What are your rights, how may you exercise them, and where should you send your requests for information?

In accordance with the Laws on the protection of personal data, in your capacity as a Person Concerned, you have the following rights:

• the right to access your Personal Data: you are entitled to obtain information on the processing of data about you;
• the right to correction: you are entitled to have your Personal Data amended if it is incorrect or incomplete;
• the right to be forgotten: you are entitled to have your Personal Data deleted;
• the right to restrict processing: you are entitled to have a limit set on the processing of your Personal Data;
• the right to the portability of your Personal Data: you are entitled to obtain the Personal Data that has been communicated and have it transferred elsewhere, on request;
• the right to opposition: you are entitled to oppose the processing of your Personal Data.

These rights apply within the limits of the Laws on the protection of personal data.

To exercise your rights, you may send an e-mail or letter to:

• dpo@infpc.lu
• INFPC
  Institut national pour le développement de la formation professionnelle continue
  À l'attention du Délégué à la protection des données (DPO)
  Immeuble CUBUS C2
  2, rue Peternelchen
  L-2370 Howald

In addition to your rights listed above, you may also make a complaint to the National Commission for Data Protection (Commission Nationale pour la Protection des Données - CNPD) at the following address: 15 Boulevard du Jazz, L-4370 Belvaux, or if you live in another member State of the European Union, to the supervisory authority with the corresponding competence in that country.

How is your Personal Data protected?

The INFPC aims to store your Personal Data as securely as possible and only for the amount of time necessary for the purpose of the processing, as described in this Policy.

In compliance with the requirements of the Laws on the protection of personal data, the INFPC implements every appropriate physical, technical and organisational measure to ensure the security and confidentiality of Personal Data in order to prevent as far as possible any unauthorised access, falsification, disclosure or destruction of Personal Data. The INFPC cannot be held responsible in the event of an occurrence of force majeure, such as a cyber attack.

Updating of information

The information on the processing of Personal Data will be updated as often as necessary according to the processing carried out, and always in compliance with the applicable legislation.

Special processing in the context of a recruitment procedure

In the context of recruitment procedures, the INFPC obtains Personal Data on the people who have sent their applications in by e-mail or by post. This Personal Data is processed solely for the purposes of the recruitment and is deleted no later than 12 months after receipt, unless the candidate(s) consent to the information being kept for longer.