Specific information to visitors on data protection, regarding the collection of contact data during the pandemic for the contact register

You will find below information on the processing of your data relating to the documentation of professional contacts with employees of our company, in compliance with the current regulations on the preventive management of the personal contact monitoring (contact register; communication of the central crisis cell of E. ON of 03.20..2020 and the crisis cell of the VSE group of 03.27.2020

  1. Data Controller

cegecom s.a.
3, rue Jean Piret
L-2350 Luxembourg

Tel: +352 27 60-1
Fax: +352 27 60-9699
E-Mail: info@artelis.net

  1. Contact details of the Data Protection Officer

cegecom s.a.
Data Protection Officer
3, rue Jean Piret
L-2350 Luxembourg

E-Mail: datenschutz@artelis.net

  1. Categories of personal data processed, purposes and legal bases of processing

In situation of contact with employees, suppliers, etc. within the company, the Responsible in charge processes the following data:

  • Name of the person, of the company (if any)

  • Date of the contact day

  • Reason and duration of personal contact

Contact data will only be processed for face-to-face contacts with a cumulative duration of at least 15 minutes, for example during a conversation at a distance of less than 2 m.

These data are collected to protect employees, and to ensure the company’s activity as a critical infrastructure in the context of the current Coronavirus crisis. Your data is processed, among others on the basis of legitimate interest, in accordance with Article 6, paragraph 1, point f, of the General Data Protection Regulation (GDPR).

  1. Recipients or categories of recipients of personal data

Your personal data are safely stored by the contact person (employee) and, if necessary, transmitted to the legitimate recipients for the above purposes (such as the Health authorities, by virtue of a statutory obligation).

  1. Transmission of personal data to a third country

The transmission of data to countries where there is no adequate level of data protection (“third country”) is carried out within the framework of the administration, development and operation of computer systems, and only to the extent that transmission is in principle authorised, and to the extent that the specific conditions of transfer to a third country are met, especially if the data importer guarantees an adequate level of data protection, in accordance with the EU’s standard contractual clauses on the transmission of personal data to data handlers in third countries.

The standard EU contractual clauses can be found at: eurlex.europa.eu/LexUriServ/LexUriServ.do.

  1. Duration of conservation of personal data

The documentation is deleted or destroyed no later than after the official end of the crisis, unless there are other legal requirements for the conservation of documentation.

  1. Rights of concerned persons

Under the EU General Data Protection Regulations, you have the following rights:

  • Obtain information on: personal data processed or its categories, the purposes of the processing, the categories of recipients to whom your data has been or will be disclosed, the intention to transmit data to a third country or international organization, including appropriate safeguards, the expected duration of conservation, the existence of a right to correct, erase, limit treatment or object , the existence of a right of appeal, the origin of your data, if it has not been collected from us, as well as the existence of automated decision-making, including profiling and, if necessary, relevant information on its details;

  • Require the correction, addition or deletion of your personal data that is false or not processed in accordance with the law;

  • Require us to limit the processing of your personal data;

  • Oppose, under certain circumstances, the processing of your personal data, or revoke the agreement previously given for the processing;

  • Receive your personal data that you have provided to us in a structured, current and readable format by an information processing system, or require transmission to another Officer;

  • File a complaint to the data protection supervisory authority (Article 77 of the GDPR).

  • For cegecom: National Commission for Data Protection
    Commission Nationale pour la Protection des Données (CNPD)
    15, boulevard du Jazz
    L-4370 Belvaux