Privacy Notice
1. Preface
With the following information, we would like to give you, the "data subject", an overview of the processing of your personal data and your rights under the EU General Data Protection Regulation (EU) 2016/679. This information notice concerns:
- Landing page of the study (heba.lu).
- The corresponding pages of the online questionnaire.
The start and information pages of the study can generally be used without entering personal data. If you take part in the online survey, the following information only relates to the use of the online questionnaire pages themselves. Additional information regarding the handling of your personal data as part of the study participation (collected by completing the questionnaire) can be found in the study participant information document. We will inform you about this separately before the start of the survey.
In this policy, we outline:
- what personal data (“data”) we collect when data subjects (“you”, “your”) visit our sites and use our services;
- for what purposes this data is collected;
- where and how long it is kept;
- and your rights regarding data as per EU General Data Protection Regulation (“GDPR”).
2. Who is the controller?
The controller is the University of Luxembourg.
University of Luxembourg,
2, avenue de l’Université,
L-4365 Esch-sur-Alzette.
The University of Luxembourg’s Data Protection Officer’s contact information is given below. This contact should be used to exercise your rights regarding personal data and for general inquiries on data protection.
Dr Sandrine Munoz,
dpo@uni.lu
University of Luxembourg,
Data Protection Office, Central Administration,
Maison du Savoir,
2 avenue de l’Université
L-4365 Esch-sur-Alzette.
3. Website
3.1 Site visitor information
Data and its use purpose
When you visit the heba.lu website, we collect the following information:
- your IP address,
- your device type, name and ID,
- your browser version,
- your operating system and language settings,
- date and time of web resource access request,
- content of access request,
- status and size of response to a request.
Site visitor information listed above is automatically collected by server-side software delivering pages to site visitors. We use this data to analyse site access, which in turn, allows us to further optimise and secure our site.
In addition, only if you agree to the use of Matomo site analytics, we will collect the following information during your visit to our site:
- visitor ID, which is a unique string calculated based on your IP address (two bytes masked), operating system, browser, browser plugins, and browser language,
- the URLs, and titles of pages you visit on our site as well as custom events on our pages (such as links clicked),
- referrer page, such as a search engine or newsletter link, that led you to visit our site.
The site analytics information allows us to optimise our site-content and its delivery. We use this information to determine whether you have visited our website before, what you have previously viewed or clicked on, how user-friendly our forms are and how you found us. The information does not contain any personal identifier information, is only used for statistical purposes, and it helps us to analyse patterns of user activity and to develop a better user experience. We also use this information to prepare aggregated, anonymous statistical reports of visitor activity needed for performance evaluation.
Legal basis
The site visitor information is necessary for us to deliver the website to you as well as to guarantee the website’s stability and security. It is in our legitimate interest (GDPR Article 6(1)(f)) to collect and use site visitor information.
The site analytics information is helpful for us to deliver the website to you. The use of site analytics information is based on your consent (art 6.1.(a) of the General Data Protection Regulation 2016/679). You can deny or remove your consent to the use of site analytics in the settings of your web browser at any time. Alternatively, you can also manage your consent for the site analytics used on our website thanks to the cookies banner.
Storage location and duration
We store site visitor and site analytics data on servers located in Luxembourg for a period of 12 months. Visitor logs are deleted after this period; aggregated statistics on site visits are stored as long as the website is available.
Transfers
We do not transfer site visitor and site analytics information to any other country.
Transfers outside European Union and European Economic Area
We do not transfer site visitor or site analytics information to any other country outside European Union & European Economic Area.
3.2 Site cookies
Data and its purpose of use
We use cookies on the heba.lu website. Cookies are bits of information created and maintained by your web browser when you visit a website. Cookies are categorized as first-party and third-party. First-party cookies are placed by the website you visit and will not track your activity once you leave that website. Third-party cookies are often set by another site and not the one you’re visiting, e.g., advertisements, social media widgets, where they may continue to track your activity across sites. The heba.lu website uses first-party cookies only.
Technically necessary cookies
The heba.lu website uses technically necessary cookies listed below:
- Cookie preference
When you visit our site(s) for the first time, you will be notified of our cookie policy. You will have the option to proceed only with technically necessary cookies (i.e., optimisation, security and authentication) or (additionally) allow site analytics cookies. We will keep your preference in a cookie named “plg_system_eprivacy”. Your cookie preferences will be displayed at the bottom of pages, and you will have the option to change your cookie settings at any time.
- Optimisation and security cookies
Our sites are fronted by load balancers and firewalls managed by the University of Luxembourg. As a result, additional cookies named “LBServer”, “TS*” will be placed in your browser.
- Survey cookies
If you participate in the survey, then our survey system places necessary cookies for its function. These are required to remember the survey form of your chosen language and your survey session information. The study survey is conducted in an anonymous mode. Anonymized data is collected and stored within the EU through Alchemer at alchemer.com, a well-known survey software company based in the US. To this end, the University of Luxembourg has established a Data Processing Amendment (DPA) to comply with the General Data Protection Regulation (GDPR) with Alchemer. The data collected is stored exclusively within and never outside the geographical borders of the EU in accordance with the GDPR. The University of Luxembourg has agreed to a Data Retention Policy (DRP) with Alchemer, which sets out how long Alchemer will store survey responses. Data retention is specified therein for a minimum period of time after the completion of the survey. Alchemer LLC is committed to complying with international regulations including GDPR. For more information on Alchemer's privacy policy, visit www.alchemer.com/privacy . To conduct the survey in anonymous mode, Alchemer uses functional and analytics cookies, which are described here https://www.alchemer.com/privacy/cookie-policy/. Alchemer will never ask for your name, phone number, email address or other personally identifiable information. In your written answers, please ensure that you do not provide any personal information. The survey is set up in such a way that the storage of any kind of identifying information such as geodata, IP address or e-mail invitation data is prevented.
Analytical Cookies (Optional)
If you allow the use of website analytics cookies, our website will place the following first-party analytics cookies: "_pk_id", "_pk_ses", "_pk_cvar", "_pk_hsr" and "_pk_ref".
- "_pk_id*" contains your unique visitor ID.
- "_pk_ref" contains the referring page information, if applicable.
- "_pk_ses*", "_pk_cvar" and "_pk_hsr" are short-lived cookies used to temporarily store data for a specific visit by you to our website.
All cookies used by our websites are first-party cookies. No personal information is stored in technically necessary cookies. A unique visitor ID is created and stored in analytics cookies.
Storage location and duration
Cookies are regularly stored on your computer until the end of their expiry period summarized below. You may also choose to clear your browser cookies manually.
| Cookie category | Cookie name | Expiry period |
| --- | --- | --- |
| Cookie preference | plg_system_eprivacy | 6 months |
| Cookie preference | MATOMO_SESSID | Temporarily created when user opts out of analytics |
| Optimisation & Security | LBServer | End of browsing session |
| Optimisation & Security | TS* | End of browsing session |
| Survey | To conduct the survey in anonymous mode, Alchemer uses functional and analytical cookies, which are described here https://www.alchemer.com/privacy/cookie-policy/. | |
| Analytics (optional) | _pk_id* | 1 year |
| Analytics (optional) | _pk_ref | 6 months |
| Analytics (optional) | _pk_ses*, _pk_cvar, _pk_hsr | End of browsing session |
Legal basis
The use of cookies is in our legitimate interest (GDPR Article 6(1)(f)) as it is necessary for us to deliver our sites to you in a stable and secure manner.
We collect analytics cookies with your consent (GDPR Article 6(1)(a)) and use those analytics cookies in our legitimate interest (GDPR Article 6(1)(f)) as this information allows us to improve our site for visitors.
Transfers
Essential cookies i.e., the cookie preferences, optimisation & security, authentication and survey categories listed above are required for our websites to function. These cookies are stored on your computer, and information in them is transferred to servers in Luxembourg, when cookie information is used by our site servers.
Optional (analytics) cookies are placed only when you consent to their use. These cookies are stored on your computer, and information in them is transferred to servers in Luxembourg, when cookie information is used by our site analytics servers.
4. Survey
Information on the processing of your personal data when answering the online questionnaire can be found in the participant information on the study. You must read them before starting the online survey. You will then be asked separately to give your consent to participate in the study. The surveys are processed via Alchemer. The data is hosted on a server based in the EU. Alchemer is bound by a specific contractual clause for any processing operations of your data on behalf of the University of Luxembourg, and by the confidentiality obligations deriving from the General Data Protection Regulation (‘GDPR’ Regulation (EU) 2016/679). The information we collect will not be given to any third party, except to the extent and for the purpose we may be required to do so by law.
5. How do we protect your data?
We have put in place a number of organisational and technical measures for the protection of your personal data in compliance with the EU GDPR. These measures include but are not limited to pseudonymisation, access control, encrypted data transmission, institutional policies, staff code of conduct and training on data protection.
Only authorized personnel at the UL-LCSB can access the data. Examples of such personnel include system administrators and the LCSB and the University of Luxembourg.
6. What are your rights regarding the data we collect?
As per GDPR, you as a “data subject” have rights on your personal data.
You have the right to be informed that UL-LCSB is processing your personal information.
You have the right to access your personal information and in case it is inaccurate or incomplete you have the right to have it rectified without undue delay.
You have the right to ask that we delete your personal data or restrict its use. Where applicable, you have the right to object to our processing of your personal data, and the right to data portability. Your requests for deletion and processing restriction will be assessed by us and we will notify you of the result of this assessment within one month of receipt of the request. This period may be extended by two further months where necessary, taking into account the complexity and the number of applications (in accordance with article 12.3 GDPR).
You can request that we notify you of any changes to your personal data to any other parties to whom your data has been sent.
You have the right to lodge a complaint with the Luxembourgish data protection supervisory authority, CNPD, in case you consider that our processing of your personal data infringes the GDPR.
In order to exercise any of the above rights, you shall contact the University of Luxembourg’s Data Protection Officer in writing. The procedure for this is described in detail here: https://wwwen.uni.lu/university/data_protection/your_rights .