because we value your privacy
Algoreg is committed to protecting and respecting your personal data.
This Data Protection Policy (hereafter “Policy”) applies to customers residing in EU member states and certain other jurisdictions whose governments have decided to adopt Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural personals with regards to the processing of personal data and on the free movement of such data (the General Data Protection Regulation; “GDPR”) (“Customers”). This Policy is intended to ensure that Customers’ Personal Data (defined as, “any information related to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”) is collected, used and maintained in accordance with the GDPR and applicable data protection and privacy laws.
This Policy describes what kinds of Personal Data Algoreg will collect from our Customers, and how Algoreg will use and maintain Personal Data in connection with the services we provide to them.
This Policy is hereby expressly incorporated into our agreement governing the provision of services by Algoreg to our Customers (the “Contract”). This Policy supplements the Contract and is effective as of 25 May 2018. This Policy shall supersede any conflicting provision related to data protection in other Algoreg agreements applicable to Customers. This Policy shall have no effect in geographical areas not subject to the GDPR.
Who is responsible for the processing of Customers’ Personal Data?
Algoreg is the data controller in the sense of the applicable data protection regulations:
Algoreg S.à r.l.
42, Rue du Commerce L-3540 Dudelange, Luxembourg
Personal Data Algoreg may collect from its Customers
Algoreg collects Personal Data as described in the Contract, in particular from application forms, contact forms, and/or other interactions with our Customers.
Customers should be aware that fields in the applications forms are mandatory fields, because Algoreg needs this information to comply with statutory, legal or contractual requirements, internal procedures or respond to Customers’ requests. Fields Algoreg may request include but are not limited to: last name, first name, mobile phone number, email address. If Customer contacts Algoreg, Algoreg will keep a record of that correspondence for the legally required retention period.
Personal Data that Customers provide to Algoreg should not include any of the following data types, and Customers hereby expressly warrant that they will not provide any of the following data types:racial or ethnic origin,
religious or philosophical beliefs,
data concerning natural person’s health,
data concerning a natural person’s sex life or sexual orientation.
Algoreg may use Personal Data to send direct marketing to our Customers via e-mail, only when Customers have given prior explicit consent in the relevant forms. Customers may at any time withdraw consent to receive marketing communications by:
for newsletters, clicking at the bottom of the email on the link to “update your preferences” or “unsubscribe from this list”;
sending an email to the Company at firstname.lastname@example.org.
Algoreg will not rely solely on decision that is based on automated processes, including profiling; except where such decision is (i) based on Customer’s prior explicit consent, or (ii) necessary for entering into, or the performance of, the Contract, or (iii) permitted by applicable law (including e.g. for security or fraud monitoring purposes).
How does Algoreg use Customer Personal Data?
Customer Personal Data is collected and handled by Algoreg for the following purposes:
to deliver Algoreg services (including to respond to Customer requests or questions, to investigate or respond to potential incidents and complaints)
to comply with applicable statutory, legal and regulatory obligations (including but not limited to the fight against money laundering and terrorist financing).
Lawfulness of our Personal Data processing
Algoreg’s use of Customer Personal Data as described herein is permitted by applicable data protection law, in particular Article 6(1) of GDPR, on the basis that it is:
necessary for the performance of the Contract to which the Customer is a party,
subject to Customer’s consent which Algoreg shall obtain from time to time (for instance, when Customer opts-in (ticks the box) to receive marketing communications via email),
in some cases, as necessary to meet Algoreg’s statutory, legal or regulatory obligations,
in some cases, as necessary to safeguard Algoreg’s legitimate interests in pursuing the purposes set out above, to the extent that such interests in each case do not obviate Customer privacy interests.
Sharing Personal Data with third parties
To facilitate Algoreg’s performance of services and the efficient use of Customer Personal Data, Algoreg may disclose Customer Personal Data to identified third parties. However, such disclosure will only occur in the following circumstances:
to Algoreg subcontractors, suppliers, advisors, agents: from time to time Algoreg may cooperate, engage or employ other companies and individuals to perform duties on behalf of Algoreg.
Algoreg subcontractors, suppliers, advisors, agents, are based in the following locations: EU, USA. Such recipients will only have access to Customer Personal Data on a need-to-know basis and as required by them to perform their duties; they are not permitted to use Customer Personal Data for any other purposes. These recipients will be subject to adequate contractual obligations as regards data protection and confidentiality;
to Algoreg auditors, government or law enforcement authorities if Algoreg determines in its sole discretion that Algoreg is under a legal obligation to do so.
Algoreg endeavors to take all reasonable steps to ensure that Customer Personal Data is treated securely and in accordance with this Policy and applicable laws.
Does Algoreg transfer Customer Personal Data outside the European Union?
Customer Personal Data can be transferred and processed in one or more other countries than the Grand Duchy of Luxembourg, within or outside the European Union (“EU”). Algoreg shall only transfer Customer Personal Data outside the EU to countries which the European Commission believes offers an adequate level of protection, or where Algoreg has put in place appropriate safeguards to preserve Customer privacy.
Algoreg will retain Customer Personal Data for as long as (i) necessary for the respective purpose, (ii) necessary to deliver services and carry out Algoreg business relationship with Customer in accordance with the Contract, (iii) Customer has consented to, and/or (iv) required by applicable retention laws.
IP addresses and cookies
Algoreg collects information about a Customer’s computer, including (where available) an IP address, operating system and browser type, and other hardware information needed for system administration and security.
Although Algoreg will do its best to protect Customer Personal Data, every Customer should be aware and is hereby informed that the transmission of information via the internet is not inherently secure. Algoreg cannot guarantee the security of Customer Personal Data transmitted to Algoreg or any third party; for this reason, any transmission is at Customer’s own risk.
Algoreg will use adequate technical and organizational security measures to prevent and safeguard against unauthorized access, change, transmission or deletion of Customer Personal Data.
Customer rights: How can a Customer access, object, rectify, and delete its Personal Data?
Under applicable data protection laws, Customer has the following rights:
Right to access and obtain a copy of Customer Personal Data: Customer is entitled to request confirmation if and when Algoreg processes your Customer Personal Data. Customer may have access to Personal Data and learn details upon request about how it is maintained and used. In some cases, Customer can ask Algoreg to provide Customer with an electronic copy of Personal Data.
Right to object to marketing: if Customer expressly objects to Algoreg’s use of Personal Data for marketing purposes, Algoreg will put Customer personal contact information (name, address, telephone number, mobile number, e-mail address) on a specific list to ensure that Customer no longer receives this marketing material. The Customer data will be maintained and used for non-marketing purposes unless and until Customer expressly withdraws the objection to marketing in writing.
Right to rectify Personal Data: If evidence can be provided that Personal Data Algoreg holds about Customer is inaccurate or need to be updated, Customer can request this information to be rectified.
Right to be forgotten/Personal data erasure: In certain circumstances, Customers have the right to have their Personal Data deleted. Customers may make such a request at any time in writing and Algoreg will evaluate if Customer’s request should be granted. However, this deletion right is subject overriding legal rights or obligations. Algoreg may be legally required to retain Personal Data, including in accordance to its legal obligations related to the fight against money laundering and terrorist financing. For situations where, in accordance with the law, Algoreg determines that a Customer’s request to delete Personal Data must be granted, Algoreg will do so without undue delay. To exercise this deletion right, Customer must submit a request to Algoreg at the following address: dataprotection@Algoreg.com, and thereafter respond to any legitimate enquiries regarding the deletion request.
To the extent Algoreg’s use or retention of Customer Personal Data is based on Customer consent, the Customer also has the right to withdraw consent at any time. Withdrawal of Customer consent pursuant to this Policy will not affect the lawfulness of any processing based on Customer consent before the receipt of such withdrawal.
Our Customers can also lodge a complaint about Algoreg’s processing of Customer Personal Data with its local data protection authority: in Luxembourg, the Commission Nationale pour la Protection des Données (“CNPD”).
Algoreg will only send marketing communications to Customers via email where they have expressly consented that Algoreg do so. An “opt-in box” will generally be presented for consideration on notices or forms that Algoreg uses to collect Customer Personal Data. If Customer desires to receive these marketing communications, Customer must indicate acceptance by ticking the box. Where Algoreg sends marketing communications to Customer via email, Customer may also opt-out of any further marketing communications. In addition, Customer can also withdraw consent at any time by contacting Algoreg at the following address: email@example.com and providing the following information: Customer name, email address, the marketing communications to unsubscribe.
Changes to this Policy
The terms of this Policy may be amended from time to time in accordance with Algoreg’s internal rules and/or change in law or regulation. Algoreg shall publish any material changes to this Policy either on its Website or contacting Customer using other communication channels.
Questions, comments and requests regarding this Policy are welcomed and should be addressed to Algoreg at the following e-mail address: firstname.lastname@example.org.