Data Protection Policy - LuxID
Data Protection Policy
POST attaches great importance to protecting your privacy and is aware of how important it is to you.
Foreword
POST does everything possible to ensure to provide its clients with a confident service by processing your data in a transparent way as well as in strict compliance with applicable regulations in accordance with your own preferences.
How to contact us?
Personal data collected by POST websites and/or mobile apps is subject to automated processing. The data controller responsible for such processing is:
POST Luxembourg
POST Luxembourg / RCS Luxemburg : J28 / VAT : LU 15400030
- 38, place de la Gare, L-1616 Luxembourg
- Tel: +352 2424-1
- Fax: +352 47 51 10
- E-mail: contact.group@post.lu
Other contact details
Data Protection Officer (DPO)’s details:
- POST Luxembourg – DPO, 38, place de la Gare, L-1616 Luxembourg
- E-mail: privacy@post.lu
Data protection
Answers to your questions
(version 3.3)
The personal data we collect from you when you browse POST websites or use POST mobile apps is subject to computer processing for at least one of the following purposes:
-
To provide you with the service or information requested;
-
To manage your business relationship with POST;
-
To process, track and fulfil your orders when you make purchases on our websites or mobile apps;
-
To compile statistics and analyses on traffic to and browsing of the proposed webpages and sections, in order to understand how you interact with our websites and improve the quality of services we offer you as a result;
-
To notify you about POST and partner products, events, offers and services when you subscribe to these news feeds (newsletter, RSS feeds etc.);
-
To customise how the websites function to your preferences (language, display preferences, etc.);
-
To offer personalised and targeted content (products and services) based on your interests, pages you have already visited, and your purchase history;
-
To give you access to tailored offers and benefits as part of our loyalty scheme, if you sign up;
-
To send you advertising, subject to obtaining your prior consent;
-
To maintain secure access to your personal data and detect any hacking attempts;
-
To obtain your opinions through surveys in which you can choose to participate;
-
To manage the competitions or lotteries organised by POST, if you decide to take part in them;
-
To process your applications if you apply for one of the job vacancies published by POST.
For each of the purposes indicated above, the processing of your personal data is based:
-
On the fact that it is necessary for the performance of an agreement concluded between you and POST, or for the performance of pre-contractual measures taken at your request;
-
On the fact that it is required for compliance with a legal obligation to which POST is subject;
-
On the fact that you have consented to processing;
-
On an interest recognised as legitimate for POST (fraud prevention, data and infrastructure security, etc.).
POST ensures that your personal data is processed in a way that is fully compatible with the purposes indicated above. In the event of further processing of your data for a purpose other than that initially provided for, all necessary information will be sent to you in advance. You may then object to this further processing.
Vos « données personnelles » font référence à toutes les informations vous concernant en tant que personne physique et qui permettent de vous identifier, directement ou indirectement.
Les données personnelles que POST est susceptible de collecter et traiter lorsque vous naviguez sur ses sites Internet ou utilisez ses applications mobiles sont :
-
Des données d’identification de base, telles que vos noms et prénoms, vos date et lieu de naissance, votre adresse postale, votre adresse e-mail, vos numéros de téléphone, etc,
-
Des données techniques de connexion et de navigation, telles que l’adresse IP de votre terminal, la date & l'heure de votre connexion, les pages visitées, les caractéristiques de votre navigateur (type, langue, etc.) et de votre terminal (type, résolution, etc.), votre login / mot de passe de connexion, les cookies, etc.
-
Des données de vie personnelle, telles que votre situation familiale, la composition de votre ménage, vos habitudes de vie, vos hobbies, etc.
-
Des données bancaires, telles que votre numéro de compte, votre IBAN, les coordonnées bancaires de vos bénéficiaires, les données d’identification de vos moyens de paiement, etc.
-
Des données de vie professionnelle (données habituellement renseignées dans un CV lorsque vous postulez à une offre d’emploi),
-
Des données de localisation géographique (géolocalisation),
-
Des données de publication, telles que vos centres d’intérêt, avis, commentaires, notes, messages publiés via les forums et fonctions communautaires et sociales des sites ou des applications mobiles,
-
Des données de comportement, telles que vos historiques d’achat.
Certaines informations collectées sont obligatoires pour atteindre les objectifs décrits ci-dessus, d’autres sont facultatives. Vous êtes systématiquement informé du caractère obligatoire ou facultatif d’une information lors de sa collecte. Si vous ne renseignez pas certains champs obligatoires, ceci peut avoir pour conséquence l’impossibilité pour POST de vous fournir le produit ou le service concerné, ou de vous en garantir la qualité attendue.
Quel que soit l'objectif poursuivi et justifiant le traitement de vos données personnelles, aucune information dite "sensible" au regard de la règlementation ne sera manipulée tout au long de votre parcours client chez POST.
When you use its websites or mobile applications, POST may collect your personal data in different locations or at different times when:
-
You browse pages on a POST website or mobile app;
-
You subscribe to one of our news feeds (newsletters, RSS feeds, notifications, etc.);
-
You create your personal account in the MyPost app (“My account” section);
-
When you contact us (“Contact” section or Online Instant Messaging tool);
-
You fill out an order form for an online purchase;
-
You apply for a job (“Join us” or “Careers” section);
-
You give us your opinion on our products & services;
-
You participate in a survey or competition.
POST makes sure to only collect data that is strictly required for providing the services you want to use.
POST may also have cause to collect certain personal data that is indirectly related to you:
-
By purchasing files from third-party organisations with which you may be connected, if you have previously consented to share your data with such organisations;
-
By using Open Data files.
When POST uses your data obtained from these types of files, you will be notified when contact is first made.
The personal data we collect from you when you browse POST websites or use POST mobile apps will primarily be used by the internal departments at POST that are authorised to process it. Nevertheless, it may be sent:
-
to the processing companies that POST uses to deliver certain services, such as, for example, the hosting and operating of websites, the sending of our newsletter, and the management, processing and payment of your online purchases;
-
to postal services and overseas customs services when you send letters and/or parcels to another country;
-
to companies instructed by the Luxembourg regulator to provide universal telephone directory and enquiry services, unless you have expressed an objection to your number being published by these services;
-
to business partners, provided that you have consented to being contacted by them.
POST may be required to transfer some of your personal data to a third party at the request of the judicial authorities or any other administrative authority empowered by law.
In addition, POST ensures that any transfer of your personal data to authorised third parties will not result in your data being transferred to a country located outside of the European Union without taking appropriate additional protective measures, seeking in particular to ensure you can exercise your rights.
Personal data collected and processed by POST will only be retained for a period that is strictly necessary to achieve the stated processing objectives and to ensure compliance with a legal obligation imposed by the applicable legislation.
As such, depending on the type of data processed and the purposes envisaged, POST’s retention period will be:
-
no more than 3 months from the date on which the data is recorded by POST, for data processed across the online Instant Messaging tool;
-
no more than 6 months from the date on which the data is recorded by POST, for data processed for traceability purposes, for logical security or for the proper functioning of IT applications and networks;
-
no more than 13 months from the point of creation, for cookies and other trackers managed by POST websites or mobile apps;
-
no more than 2 years after your most recent contact with POST, for data processed in respect of a job application;
-
no more than 3 years from the date of data collection by POST or after your most recent contact with POST, for data processed for marketing purposes;
-
no more than 3 years from the end of your business relationship with POST, for data processed for marketing campaign purposes and/or to promote POST’s or its partners’ offers;
-
no more than 10 years from the end of your business relationship with POST, for data related to contractual (agreements, guarantees, complaints, debt collection and litigation, etc.) or accounting aspects (billing, order forms, delivery receipts, etc.).
POST implements appropriate and reasonable security measures in light of the risks posed by the processing carried out in order to protect your data against destruction, loss, modification, disclosure or unauthorised access and any other form of illegal processing.
All POST employees and processors with access to your personal data as part of their jobs are bound by strict confidentiality obligations. They only access the data they need to do their job and are regularly made aware of and trained on the compliance and security rules applicable to your personal data.
The security measures applied to our websites and mobile apps are periodically checked and tested by teams from the POST CyberForce department.
In addition, in the event of a Personal Data breach likely to result in a risk to your rights and freedoms, POST undertakes to comply with its obligation to notify the CNPD of said Personal Data breaches.
Where POST processes your personal data, you may exercise the following rights at any time and to the extent permitted by law:
-
To be informed of the processing of your personal data by POST;
-
To access your personal data (to know which data has been collected and processed and to obtain a copy), ask for them to be corrected if they are incorrect or incomplete, ask for them to be erased if they are outdated;
-
To refuse to allow them to be processed for legitimate reasons (in particular for marketing purposes);
-
If the prior conditions are met, to request that the processing of your personal data be restricted or that your data be erased entirely (right to be forgotten);
-
To request a copy of the personal data you have provided to POST in a structured format (data portability), unless this infringes the rights and freedoms of third parties;
-
To request that your data not be included in decisions based entirely on automated processing, including profiling, when such decisions would have legal ramifications relating to you or affect you significantly in a similar fashion. You can also ask for the logic behind the automated processing to be clarified in order to be able to contest it and request that it be reviewed by an individual;
-
To withdraw your consent to processing based on the latter at any time.
You can exercise one of these rights free of charge by contacting the POST DPO whose contact details are given at the top of this page.
So that we can respond to your request securely and prevent any identity fraud, you may be asked to provide proof of identity.
POST undertakes to respond within no more than one month following receipt of your duly completed request.
You can also file a complaint with the National Commission for Data Protection (CNPD) on their website: www.cnpd.lu???????
Cookie management
Answers to your questions
(version 3.3)
A cookie is a small file generally made up of letters and numbers sent by the internet server and saved to your device (PC, tablet or smartphone) via your web browser (Google Chrome, Mozilla Firefox, Microsoft Internet Explorer or Edge, Apple Safari, Opera, etc.).
Some cookies are stored directly by the websites you visit. Others, known as “third-party cookies” are stored by the website’s partners (social networks, advertising networks etc.).
Most cookies store technical information relating to your browsing history on a particular website (language settings, screen size and resolution, connection time, pages visited, IP address, etc.) to enable that website to “recognise” your device throughout your interaction with it.
They are generally required to enable the website to function properly (saving your session, your shopping basket, remembering your favourites, etc.), but they also serve to analyse your browsing behaviour on the website, optimising your experience and showing you personalised content such as articles, offers, search suggestions or targeted advertising in line with your preferences, if you wish.
Please note that sharing your device with other people is likely to have an impact on the personalisation the cookies we use can offer and consequently on their effectiveness in terms of your individual preferences.
“Third-party cookies” may also be placed on your device during your browsing. The acceptance of these cookies allows in particular the display of content linked to other sites (“sharing to social networks”, etc.). The deposit of these "third-party cookies" is subject to the data protection policies of these third parties, who are solely responsible for the collection.
Our websites and our mobile apps may use a range of cookies to better customise how they function, by interacting with your user profile.
Our websites and mobile apps primarily use five types of cookies:
Strictly necessary cookies
These make it possible to use the main functions of the websites and/or mobile apps, such as remembering your device’s display preferences (language, display settings) based on the graphic charter, the device type and the viewing and screen reading software that you use (internet browser type) and to take this into account during subsequent visits.
They also allow us to link the various pages consulted together so as to enable a seamless browsing experience.
They mean we can manage your user session once you have been identified, as well as the content of your shopping basket if applicable.
These cookies are essential to enabling our websites and mobile apps to function properly and cannot be disabled by our systems, which is why consent is not required prior to the implementation of this category of cookies.
Audience measurement, analytics and statistics cookies
These allow us to compile statistics and traffic and usage counts for the various pages and sections of the websites and mobile apps (number of visits, pages viewed, your journey on the websites, the links you click on, your return frequency, etc.).
The following information is helpful to us for:
-
Achieving studies and research in order to adapt the website content to suit your needs;
-
Measuring and improving the performance of our websites and mobile apps;
-
Detecting malfunctions and improving our service quality.
All data collected by these cookies is aggregated and processed statistically and not individually.
Content personalisation cookies
These allow us to improve the functionality and personalisation of our content on our websites, for example through the use of videos and instant messaging services. By accepting this category of cookies, you will be able to use these additional features and we can offer you products and services that are more tailored to you.
Social media cookies
In order to make our websites more interactive, we may use third-party services offered by social networking websites so you can share our content with your network and your friends. These services use cookies when you interact with them. They include:
-
Like and share buttons on social media (Facebook, LinkedIn, etc.);
-
Content sharing buttons on social media (Facebook, Twitter, Instagram, LinkedIn, etc.);
Third-party cookies from social networks are likely to collect your data in order to track your browsing, simply because you have kept an open session on one of these social networks from your terminal.
Advertising & commercial cookies
These cookies may be placed on your device if you have explicitly consented to receive them to identify your preferences and interests and the products viewed or purchased on our website, so that the dynamic ads displayed to you, either by POST or by our business partners, in the relevant spaces can be tailored to you. In this case, they can be used by these companies to build profiles based on your interests, in order to offer you targeted advertising on other websites as well.
These cookies only work by identifying your web browser and your device.
Our websites do not place or read any cookies on your device before you have given your consent via our "cookie configurator". You can change your decision regarding cookie management at any time via this same configurator.
When you visit the homepage of one of our websites, a dedicated cookie information banner will pop up. You will then be asked to accept all cookies embedded in the pages you visit, or to customise your cookie preferences.
Strictly necessary cookies
These cookies do not require your consent because they are essential to the technical functioning of the websites and mobile apps.
However, you can always object to said cookies being stored on your device and delete them in your browser’s configuration settings. Nevertheless, your user experience may be much less enjoyable, and you may no longer be able to access some website features.
Other categories of cookies (audience measurement, social media, personalisation, advertising)
These cookies cannot be stored used without your prior consent. If you agree to these categories of cookies being used, you can however change your choice later, by modifying your preferences at any time via the “Cookie settings” link accessible at the bottom of each page of the site.
For further information on cookie settings in the main web browsers, please read the browser software publishers’ documentation.
The retention period for cookies that we manage on our websites and mobile apps is a maximum of 13 months and varies according to the type and category of cookie used. At the end of these 13 months, a new request for consent may be made to you for the categories of cookies that require it.The cookies we manage on our websites and mobile apps cannot be stored for more than 13 months.