Update 1.2: 21 septembre 2018
AGORA s.à r.l. et Cie (“Agora” or “we”), the controller for the processing of your personal data, pays particular attention to protecting the information that concerns you and that we process in accordance with Regulation (EU) 2016/679 of 27 April 2016.
- Via our social media pages and app pages: Twitter, LinkedIn, YouTube, (collectively our “social media pages”):
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; twitter.com/privacy
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy
- Youtube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA; policies.google.com/privacy
- Via email messages (including also messages via MailChimp - The Rocket Science Group, LLC; 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA; https://mailchimp.com/legal/privacy) letters sent by post or phone calls that we address to you or receive from you.
- Via our purchasing, tender or recruitment procedures;
- Via our document exchange platform which enables documents to be exchanged between authorised persons working on a project on our behalf.
Collectively under the term “Services” we refer to:
- the functionalities of the websites and social media pages, email messages, letters sent by post or phone calls enabling us to respond to your requests
- the functionalities enabling you to register for an account so that you can consult the documentation relating to calls for tenders;
- the files we set up at the time of launching purchasing, tender or recruitment procedures;
- the functionalities enabling access to and use of the document exchange platform.
1. Personal data
“Personal data” are defined by the Regulation as “any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Collection of personal data
It is not necessary to input personal data if you wish to consult our websites.
Agora collects personal data in various ways, in particular:
- We collect personal data via the Services, for example when you send us an enquiry via a contact form on our websites, an email, a phone call, when you register for an account in order to access calls for tenders or our document exchange platform, when you respond to our calls for tenders, our purchasing or recruitment procedures.
- We also collect personal data when you give us your business card, send us a letter by post or when you submit an enquiry to us by any other means.
- We collect personal data through other sources, for example: databases accessible to the public, joint business partners.
Use of personal data
Agora uses your personal data for operational purposes, in particular for:
- Implementing the Services, including responding to your enquiries, complaints or claims, and analysing your bids for calls for tenders.
- Providing you with information and information documents.
- reparing personalised Services following your enquiries, our calls for tenders, our purchasing procedures, our recruitment activities, your use of the document exchange platform.
- Analysing our websites users’ preferences in order to prepare reports on aggregate trends in the way our content is used, so as to improve our Services.
- Sending you invitations to our events, trade fairs and exhibitions in which we are participating or other events we are supporting.
- Anonymising personal data: We are able to aggregate and anonymise personal data so that they are no longer regarded as personal data. We do this to generate other (non-personal) data for our own exclusive use.
Legal bases for the use of your personal data
We process your personal data on the basis of your consent. For example, when you provide us with personal data via the contact forms on our websites, by email, post or a phone call, we consider that you consent to the processing of your personal data that you communicate to us so that we can follow up your enquiry and contact you again with an answer.
We also process your personal data when this is necessary:
- (i) For the performance of a contract to which you are a party, or of precontractual measures taken at your request, for example when you participate in a call for tenders for which you supply us with a tender file;
- (ii) For realising our legitimate interests, which consist principally of undertaking our tasks of developing sites, launching calls for tenders, and following up candidates and their tender files, organising events and undertaking marketing operations;
- (iii) For complying with our legal obligations and regulations to which we are subject.
Disclosure of personal data
We disclose personal data:
- To our third-party service providers, to facilitate the services they supply to us. These can include providers of services such as website hosting, for the purpose of data analysis, the technical analysis of the data you provide to us within the framework of our calls for tenders, purchasing or recruitment procedures, or other services.
- When you choose to directly disclose or authorise us to disclose your personal data on our websites, social media pages and other communication media.
2. Other information
“Other information” means any information that does not directly reveal your specific identity or is not directly associated with an identifiable person. This includes in particular:
- Information about the browser and device used to access the websites.
- Information collected using cookies.
- The geolocation and other information provided by you which does not directly reveal your specific identity.
- Information that has been aggregated in such a way that it no longer reveals your specific identity.
We and our service providers can also collect other data in various ways, in particular when you visit our websites.
tenders or do not provide us with information yourself, we only collect the personal data that your browser transmits to our server. If you wish to consult our websites, we collect the following data, which are technically necessary for us to present these websites to you and to guarantee their stability and security: IP address, date and time of activities, time zone, content of your enquiry, access status/HTTP status code, quantity of data transferred, referring website, browser, operating system and interface, language and version of the browser software.
As well as the data mentioned above, when you use our websites cookies are stored on your computer. Cookies are small text files that are stored on your hard disk in the browser you use, and by means of which certain information is disseminated to the location that placed the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offering more user-friendly and more efficient as a whole.
Our websites use the following types of cookies: session cookies and persistent cookies.
Session cookies are automatically deleted when you close your browser. Persistent cookies are automatically deleted after a specific period, which can vary depending on the cookie. You can delete cookies at any time in your browser’s security settings.
You can also configure the settings of your browser according to your wishes and needs. Please note that depending on your choices you might not be able to use the full functionalities of our websites.
Use of Matomo (formerly Piwik)
Our websites use the web analysis service Matomo to analyse the traffic and regularly improve the use of our websites. Cookies are stored on your computer for this evaluation. You can configure the settings of your browser to delete existing cookies and prevent such cookies being stored. If you prevent the storage of these cookies, we wish to point out that you might not be able to use the whole of this website.
More information: matomo.org.
Use of social media plug-ins
We use the following social media plug-ins: Twitter, LinkedIn, YouTube. We have no influence over the data collected and the operations used by these social media for processing these data, and we do not assume any liability for their use. These plug-ins enable you to access our social media pages and subscribe to news feeds. They also enable social media platforms (LinkedIn, Twitter, YouTube) to place cookies on your internet browser and access this, in particular when you interact with these platforms via the plug-ins placed on our websites. These cookies enable the social media to identify you and monitor your internet activity for the purposes of targeted advertising, analyses or market research.
- Twitter, twitter.com/en/privacy
- LinkedIn, www.linkedin.com/legal/privacy-policy
- YouTube, policies.google.com/privacy
Link to Google Maps
On the website www.agora.lu we provide a link to Google Maps. We have no influence on the data collected by Google Maps and their data processing and assume no responsibility for their use.
- Google Maps, https://policies.google.com/privacy?hl=en
To protect personal data within our organisation we take adequate organisational, technical and administrative measures that are in accordance with the applicable laws and regulations.
To ensure security during the processing of your personal data, Agora has put SSL (Secure Socket Layer) certificates in place on its websites. These certificates guarantee the encryption of the data exchanges between you and the Agora web servers. Nonetheless, if you have reason to believe that your interaction with us is no longer secure, please advise us of this immediately as described in the section “Contacting us” below.
5. Access to personal data and the rights of individuals
Every user enjoys a right of access, modification and objection to the processing of their personal data, a right to restrict the processing, a right of deletion and a right to the portability of their personal data. However, these rights can only be exercised within the limits of any contractual or legal obligation.
Right to information – confirmation
You have the right to ask us to confirm that we process personal data concerning you. If your personal data are processed, you can ask at any time for information about these personal data and their processing, and to receive a copy of them.
Right of correction - modification
You have the ability to ask us to correct or modify any incorrect personal data concerning you. Bearing in mind the purposes of such processing, you have the right to ask us to complete any incomplete personal data.
Withdrawal of consent
When the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the legality of the processing undertaken prior to the withdrawal of such consent.
Right of objection
You have the right to object at any time to the processing of your personal data for the purposes of direct marketing or to realise other legitimate interests. However, we can continue to process your personal data if they are necessary for us within the framework of our pre-contractual or contractual relationship.
Right to the restriction of processing
You have the ability to request the restriction of the processing of your personal data with a view to limiting the instances in which we are able to use them.
Right of withdrawal (“Right to be forgotten”)
You have the right to ask for the deletion of the personal data concerning you. However, please note that we reserve the right to continue to send you administrative or contractual messages within the context of important contractual, technical or regulatory relations from which we are unable to withdraw.
Right to portability
You have a right to the portability of your personal data, which enables you to receive the personal data you did not provide to us yourself, in a structured format that is currently used and machine-readable, and, if technically possible, to have these personal data transmitted to a third party.
In all cases we will do our best to reply to your requests within a reasonable period.
How to access your personal data and exercise your rights?
If you wish to ask to consult, correct, update or delete your personal data or restrict the processing or object to this, or if you wish to receive an electronic copy of your personal data, including so as to be able to transmit them to another company (insofar as this right to the transferability of the data is granted to you by the applicable law), you can do so using the contact details in the section entitled “Contacting us” below. We will reply to your request in accordance with the legal and regulatory provisions in force.
In your request please clearly indicate the personal data you would like to have modified, the uses to which you wish to object, whether you wish your personal data to be deleted from our database, or indicate to us the limits you would like to impose on the use of your personal data. For your protection, we can only implement requests concerning the personal data associated with the particular email or personal address you use to send us your request. We might also need to verify your identity before implementing your request.
Please note that we might possibly need to retain certain personal data for the purposes of record-keeping and/or to complete any transaction that you commenced before requesting a modification or deletion.
6. Retention period
We retain personal data for as long as is necessary in terms of the purposes for which they were obtained, and in accordance with the applicable laws and regulations.
The criteria used to determine our retention periods comprise:
- The duration of our relationship with you and the period for which we have provided you with the Services to ensure the proper maintenance and follow-up of your file (for example, while you have an open account under the heading Call for tenders - www.agora.lu/fr/appels-doffres/ - or while you continue to use the Services);
- Whether there is a legal obligation to which we are subject; or
- Whether such retention is desirable taking account of our legal situation (for example with regard to limitation periods, disputes or regulatory enquiries).
Unless there are requirements relating to public order, contractual provisions or legal disputes, we shall make every effort not to store your data beyond a period of thirteen (13) months from the last time they were transmitted.
7. Third-party services
In addition we are not liable for the collection, use, disclosure or security policies or practices of other organisations, application developers, application providers, providers of social media platforms, providers of operating systems, providers of wireless services or equipment manufacturers, including with regard to the personal data you disclose to other organisations by means of or in connection with mobile applications or our social media pages.
8. Use of the Services by minors
The Services are not intended for underage persons. The use of the Services by underage persons takes place under the responsibility of their parents or legal guardian. We do not knowingly collect personal data from underage persons.
9. Jurisdiction and cross-border transmission
Your personal data can be stored and processed in any country of the European Union where we have facilities or in which we use service providers (for more information please refer to the section “Imprint”[A1] on our websites). When using the Services, you understand that your personal data can be transmitted to countries outside your country of residence.
10. Sensitive information
As far as possible and unless explicitly required or mandated by the applicable laws and regulations, we ask you neither to communicate to us nor to disclose sensitive personal data (for example, social security numbers, information connected with race or ethnic origin, political opinions, religion or other beliefs, health, biometric or genetic characteristics, or criminal history) on our websites and social network pages or otherwise via the Services.
11. Acceptance of conditions
13. Contacting us
- By email to the following address:
- By post to the following address:
Société de développement AGORA s.à r.l. et Cie
Attention: Délégué à la Protection des Données (FAO Data Protection Officer)
3, avenue du Rock’n’ Roll
14. Supervisory authority
Every user has the right to submit a complaint to the competent supervisory authority, in particular to that of the member state of their usual place of residence or place of work, or for an infringement of the regulations concerning the protection of personal data (in Luxembourg, the National Commission for Data Protection (https://cnpd.public.lu/fr.html).
(*) Only the text in French shall be binding.