The INFPC, the National Institute for the Development of Continuing Vocational Training, gathers and uses personal data in the context of its activities as described in this policy on the protection of personal data.
Data is processed in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection
of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR") and the Law of 1 August 2018 on the
organisation of the National Commission for Data Protection and the general data protection framework (referred to together hereinafter as the "Laws on the
protection of personal data").
Depending on the purpose of the processing, different categories of personal data ("Personal Data") on the users of the services offered by the INFPC
(in the case of users which are legal entities, the data processed concerns their leaders, HR directors, training managers and representatives) and the
different publics concerned by such services (the "Persons Concerned") may be collected, stored and used by the INFPC. Personal Data includes in particular
The INFPC, a public establishment that is the national Institute for the development of continuing vocational
training, is responsible for processing the Personal Data processed in the context of the purposes and activities described in this Policy.
The INFPC collects and processes Personal Data for the following purposes:
Processing is based on Article 6 of the GDPR, which specifies that processing is lawful if:
With a view to optimising your user experience, monitoring use of its websites and improving them, the INFPC uses the following tools: Google Analytics, YouTube
and Google Maps. You may consult Google's rules on confidentiality
if you require further information.
When you visit infpc.lu and lifelong-learning.lu, you will be informed which cookies are necessary for browsing and allow audience statistics to be
You can change your cookie settings at any time, in your browser.
The INFPC is present on various social media: Facebook, Twitter and LinkedIn.
For information on the policies on the use and processing of Personal Data these platforms apply, please consult the following dedicated pages:
Requests for information and registrations for training courses are forwarded to the training provider concerned, which will reply to you. Training providers
undertake to process the data forwarded to them in accordance with the Laws on the protection of personal data.
The INFPC uses JotForm to manage registrations for its events. For more information on this, you may consult
JotForm's confidentiality policy.
In order to provide the services required by the Persons Concerned and carry out the tasks entrusted to it, the INFPC may need to forward Personal Data
to third parties in the context of:
Within the meaning of the Laws on the protection of personal data, these service providers are recipients of Personal Data ("Recipients"). It is possible
for Recipients, under their own responsibility, to entrust the processing of the said Personal Data to their own agents or their own service providers
("Secondary Recipients") which then process the data solely in order to assist the Recipients in providing their services to the INFPC and/or assisting the
Recipients in the context of compliance with their statutory obligations.
Personal Data may be disclosed to Recipients and/or Secondary Recipients located in a country inside or outside the European Economic Area (EEA).
If Personal Data is disclosed to Recipients and/or Secondary Recipients outside the EEE that do not offer a satisfactory level of protection
for the personal data, data is communicated to them on the basis of standard contractual clauses approved by the European Commission.
Any Person Concerned has the right to request a copy of these standard contractual clauses by contacting the INFPC by e-mail or letter at the
Recipients and Secondary Recipients process Personal Data in their capacity as processors (when they are acting on instructions from the INFPC),
or as separate Controllers (when they process the Personal Data for their own purposes, i.e. for their own requirements and in compliance with their
own statutory obligations). Personal Data may also be forwarded to the Administration and public authorities, including the tax authorities, in
compliance with the applicable laws and regulations.
The Personal Data that is processed is collected directly from users when they request information, register for a training course or event,
or in the context of a contractual relationship.They also come from people representing businesses and companies (managers, human resource
departments, training officers, etc.).
Personal Data is kept until the purpose for which is was collected has been achieved. This means that it is kept as long as necessary for achieving
the purposes for which it is processed, subject to the statutory limits applicable.
It may also be deleted at the request of the Person Concerned or if the Person unsubscribes, in accordance with the section below
on the rights of Persons Concerned.
In accordance with the Laws on the protection of personal data, in your capacity as a Person Concerned, you have the following rights:
These rights apply within the limits of the Laws on the protection of personal data.
To exercise your rights, you may send an e-mail or letter to:
In addition to your rights listed above, you may also make a complaint to the National Commission for Data Protection
(Commission Nationale pour la Protection des Données - CNPD) at the following address: 15 Boulevard du Jazz, L-4370 Belvaux,
or if you live in another member State of the European Union, to the supervisory authority with the corresponding competence in that country.
The INFPC aims to store your Personal Data as securely as possible and only for the amount of time necessary for the purpose of the processing,
as described in this Policy.
In compliance with the requirements of the Laws on the protection of personal data, the INFPC implements every appropriate physical,
technical and organisational measure to ensure the security and confidentiality of Personal Data in order to prevent as far as possible
any unauthorised access, falsification, disclosure or destruction of Personal Data. The INFPC cannot be held responsible in the event of an
occurrence of force majeure, such as a cyber attack.
The information on the processing of Personal Data will be updated as often as necessary according to the processing carried out, and always
in compliance with the applicable legislation.
In the context of recruitment procedures, the INFPC obtains Personal Data on the people who have sent their applications in by e-mail or by post.
This Personal Data is processed solely for the purposes of the recruitment and is deleted no later than 12 months after receipt, unless the candidate(s)
consent to the information being kept for longer.