Table of Contents
- Purpose of the policy
- Agent responsible for the processing of personal data
- Purposes of the processing of personal data: why we process the data
- Data processing of architecture studio clients
- Log files and cookies
- External communications
- Contact us
- Processing of data from suppliers, partners and other business contacts
- Data outsourcing
- Links to third party websites
- Data security
- Rights of the data subjects
- Changes to the policy
1. Purpose of the policy
Welcome to our website! In accordance with Articles 13 and 14 of the EU General Data Protection Regulation No. 679/2016 (hereinafter referred to as the “GDPR”), this policy is intended to inform you of the procedures for processing personal data and the protection of such data in connection with our website, its content and services.
The term “personal data” means all information relating to an identified or identifiable person. An “identifiable” individual is one who can be identified directly or indirectly.
2. Agent responsible for the processing of personal data
The agent responsible for the processing of personal data is:
Architect studio: beilerfrancoisfritsch SARL
35, rue du Père Raphaël
Commercial register number: RCS B53804
VAT No.: LU 19594859
Establishment authorisation and number: Architecture and Urban Planning, n° 00120281
3. Purposes of the processing of personal data: why we process the data
3.1. Data processing of architect studio clients
We hereby inform our clients, whether natural persons or persons active within companies using our services, of the processing of their personal data in the context of the implementation of their architectural and urban planning projects.
The data concerned by the data processing include contact details, information concerning offers, quotations, orders, contracts, plans, deliveries of projects, data concerning the personal situation and wishes of clients in relation to the design of their projects (e.g. number of children, reconstituted family situation, collection of cars, etc.), invoicing data as well as all relevant data within the framework of the projects developed by the architect studio.
The architecture studio processes the data collected for:
- managing the contractual relationship with the client,
- keeping the accounts,
- taking into account the client’s wishes when designing the project,
- pursuing our legitimate interests in developing statistics to ensure that the professional quality of our services is always maintained,
- taking photographs of the achievements as part of the development and documentation of the project and, on the basis of the client’s agreement in the case of a private project if necessary, publishing of photographs on our website or in other publications.
The legal basis for the processing is Article 6 (1) (a) (a) (consent), (b) (contract), (c) (legal obligations, cf. accounting) and (f) (legitimate interest) of the GDPR.
Data from architectural and urban planning projects will be archived for 10 years from the final receipt of each project. In the event of significant architectural or historical interest, the architectural studio may keep plans, photographs and other relevant data of the projects concerned to the extent necessary to maintain the portfolio of its works and proof of its intellectual property rights until the expiry of such rights.
3.2. Log files and cookies
Each time you open our website, the browser you use on your end device automatically sends data to our website server to be stored in the server log files. These data consist of information relating to an identified or identifiable person. The following information is stored in this way:
- IP address of your end device,
- date and time of calling up the website (request to the host’s server),
- name and URL of the called file,
- URL of the website from which you called up our website,
- type and version of the browser used,
- operating system used and name of our access provider.
The purpose of such processing is to ensure that our website can be properly opened and displayed on your end device. The information will also be used to optimise our website and ensure the security and stability of our systems.
The legal basis for the processing operation is Article 6 (1) (f) of the GDPR. We have a legitimate interest in providing you with a website that is adapted to your browser. You have the right to object to the provision of such information.
However, in the event of opposition, you may be prevented from using our website in whole or in part.
The processed information will only be stored for the time necessary for the intended use or for the legally prescribed storage period, where applicable.
The recipient of the information is the service provider operating the host server under a data outsourcing contract.
3.3. External communications
Subject to your consent in the case of a private project, we may publish photographs and a project description in printed publications (magazines, newspapers, books, etc.) or share this information on websites or online sharing platforms (Instagram, Facebook, Twitter, etc.). With your agreement as a client, the name and, if applicable, contact details may also be published or shared.
The legal basis for the processing of personal data is Article 6 (1) (a) of the GDPR (consent).
3.4. Contact us
If you have any questions or requests of any kind, you can contact us by all the usual means.
In this context, you will need to provide updated contact information so that we can confirm your identity and be able to respond to your request. You may, of course, choose to provide other information on an optional basis.
The processing of data for the purpose of contacting us, pursuant to Article 6 (1) (a) of the GDPR, is based on your freely given consent to the information provided by you. Another legal basis, in accordance with Article 6 (1) (f) of the GDPR, is our legitimate interest in giving you the opportunity to contact us and to be able to respond to your requests.
The purpose of processing this data is to process your request. Personal data are deleted as soon as they are no longer necessary for the purposes for which they were collected.
3.5. Processing of data from suppliers, partners and other business contacts
The architect studio processes the professional details of its suppliers, including subcontractors, partners and other professional contacts in the context of contracts for the supply of goods or services concluded with them or the maintenance of its database of professional contacts.
The publicly available contact details and data that you or your company have, if any, provided in connection with the supply of goods or services may be used to contact you in connection with the activity of the architect studio and to manage the supply of goods or services made by you or your company on behalf of the architect studio in the context of a contractual relationship if any. Please notify us of any changes to your contact details so that we can update them, and let us know if you no longer wish to be included in our professional database (due to retirement or other reasons).
The legal basis for the processing of data from suppliers, partners and other business contacts is Article 6 (1) (b) (contract), (c) (legal obligations, cf. accounting) and (f) (legitimate interest) of the DGPS.
Our database is updated regularly to keep only relevant information. In the event of a contract for the supply of goods or services, personal data will be kept for as long as necessary, taking into account the professional relationship, the service concerned and, where applicable, the ten-year guarantee. Accounting data and supporting documents will be kept for ten years after the end of the financial year concerned.
You can send us a job application.
If you contact us in this context, we will collect your e-mail address and relevant information about your application. The purpose of such processing is to manage your application.
The legal basis for the data processing concerned is Article 6 (1) (b) and (f) of the GDPR. We have a legitimate interest in accepting and processing applications and, where appropriate, taking pre-contractual measures related to possible hiring.
The personal data concerned will be kept until we have made a final decision on your application. In the event of employment, personal data will be processed in the context of the execution of the employment contract.
4. Data outsourcing
In addition, we use IT or other service providers as part of our architecture and urban planning activities. Such services may include hosting or data backup services.
In the context of the above-mentioned services, it should be noted that we do not directly process personal information outside the EU. If personal data are transmitted and processed outside the EU by our service providers acting as subcontractors, they are transmitted and processed on the basis of the data protection measures described in particular in our Cookies Policy and in the privacy policies and subcontracting agreements of these service providers.
5. Links to third party websites
Our website may contain links to third party websites. The processing of personal data on other websites is carried out under the responsibility of the third parties concerned. For more information, we invite you to consult the privacy policies of the third party websites concerned.
6. Data security
We protect our website and systems by taking appropriate technical and organisational measures to prevent the loss, destruction, access, modification or dissemination of your data by unauthorised persons. Despite these measures, complete protection against all dangers and risks is impossible given the nature of the Internet, and cannot be guaranteed.
7. Rights of the data subjects
The persons concerned by the processing of personal data have certain rights subject to the applicable legal conditions and exceptions. In brief, each data subject generally has the following rights:
- Right of access of the data subject (Article 15 of the GDPR): you have the right to obtain information on the processing of your personal data and its main components.
- Right of rectification (art. 16 of the GDPR): you have the right to request the rectification of data concerning you and/or the correction of incomplete data.
- Right of objection (Art. 21 of the GDPR): insofar as your personal data are processed on the basis of legitimate interests within the meaning of Article 6 (1) (f) of the GDPR, you have the right to object to such processing on grounds relating to your particular situation (subject to the prevalence of legitimate and imperative reasons relating to the processing of the data concerned) and/or to object to processing for the purpose of prospecting. You can exercise your right to object by sending us an e-mail at email@example.com. Where appropriate, we will keep a file in which the relevant information of persons who have exercised their right of objection will be processed, in order to respect the wishes of the person concerned. The information on the objection list (opt-out) will be stored for three years.
- Right of deletion (Article 17 of the GDPR): under certain conditions, you have the right to request the deletion of your personal data; for example, in the event that the personal data are no longer necessary for the purposes for which they were collected, or if you have a justified objection to data processing. The right of deletion is not always applicable, in particular if the processing is necessary for the purposes of freedom of expression and information, compliance with a legal obligation, a public interest mission or the establishment, exercise or defence of legal rights.
- Right to limit processing (Art. 18 of the GDPR and articles that follow): you have the right to obtain a limitation on the processing of your personal data under certain conditions, in particular if you dispute the accuracy of the data, but you do not wish to have them deleted; if we no longer need this information, but it is necessary for you to establish, exercise or defend your legal rights; or if you have justifiably opposed data processing.
- Right to data portability (Art. 20 of the DGPS): in certain legally defined cases, you have the right to receive a copy of the personal data you have provided us (on the basis of consent or a contract), in a structured, commonly used and machine-readable format, or to obtain their transmission to another data controller when technically possible.
We also inform you that the consent given may be withdrawn at any time. In the case of withdrawal of consent, the processing of the data concerned will be stopped and may no longer be carried out in the future, without prejudice to the legality of the processing which was carried out on the basis of the consent before the withdrawal.
We reserve the right to obtain confirmation of your identity when necessary.
Please send us any request concerning your rights by post to the address indicated under point 2 or by e-mail to firstname.lastname@example.org If you consider that the processing of your personal data is not in accordance with the GDPR, you have the right to file a complaint with the competent data protection authority (see www.cnpd.lu).
8. Changes to this Policy
This Policy may be modified over time, in particular in the event of a change affecting one or more processing operations of personal data or in the event of a change in the applicable rules. We will inform you of any such changes by publishing the new Policy on our website. Please be sure to review the currently applicable Policy when you visit our website.