Privacy policy

Data privacy policy (*)

Update 1.4: 2 november 2020

AGORA s.à r.l. et Cie (“Agora” or “we”), the controller for the processing of your personal data, pays particular attention to protecting the information that concerns you and that we process in accordance with Regulation (EU) 2016/679 of 27 April 2016.

The purpose of this data privacy policy is to describe our practices in relation to your personal data that we collect or that you supply to us:

• Via the websites www.agora.lu and www.belval.lu which are operated by Agora and from which you can access this data privacy policy (the “websites”),
• Via our social media pages and app pages: Twitter, LinkedIn, YouTube, Facebook, Instagram (collectively our “social media pages”):

– Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; twitter.com/privacy
– LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy
– YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA; policies.google.com/privacy
– Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour,Dublin 2, Irlande; https://www.facebook.com/policy.php
– Instagram, Facebook Ireland Limited, 4 Grand Canal Square, Dublin – Dublin 2 Ireland; https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram%20Help&bc[1]=Privacy%20and%20Safety%20Center

• By email (including via MailChimp – The Rocket Science Group; LLC; 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA https://mailchimp.com/legal/privacy), by post, phone calls we make to you or receive from you, business cards or any other materials you provide to us.
• Via our purchasing, tendering or recruitment procedures;
• Via our document exchange platform which enables the exchange of documents between authorised persons working on a project on our behalf.

Collectively under the term “Services” we refer to:

• the functionalities of the websites and social media pages, email messages, letters sent by post or phone calls enabling us to respond to your requests or to send ou information related to our activity by any means, including through the use of social networks that we use, particularly as part of organising our information campaigns;
• the functionalities enabling you to register for an account so that you can consult the documentation relating to calls for tenders;
• the files we set up at the time of launching purchasing, tender or recruitment procedures;
• the functionalities enabling access to and use of the document exchange platform.

1. Personal data

“Personal data” are defined by the Regulation as “any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (Article 4 (1) – REGULATION (EU) 2016/679).

Collection of personal data

It is not necessary to input personal data if you wish to consult our websites.

However, Agora collects personal data in a variety of ways, including the following:

• We collect personal data via the Services, for example when you send us an enquiry via a contact form on our websites, an email, a phone call, when you register for an account in order to access calls for tenders or our document exchange platform, when you respond to our calls for tenders, our purchasing or recruitment procedures.
• We also collect personal data when you give us your business card or any other document you provide to us, when you send us an email or a letter or when you submit a request by any other means.
• We collect personal information from other sources, for example: publicly available databases, business partners or joint contacts.

We require your personal data in order to provide you with the Services. In this respect, if you provide us with personal data concerning persons other than yourself, you declare that you have the power and authority to do so and to permit us to use the personal data concerned in accordance with this data privacy policy.

Use of personal data

Agora uses your personal data for operational purposes, in particular for:

• Implementing the Services, including responding to your enquiries, complaints or claims, and analysing your bids for calls for tenders.
• Providing you with information and information documents, either at your request or as part of our information campaigns.
• preparing personalised Services following your enquiries, our calls for tenders, our purchasing procedures, our recruitment activities, your use of the document exchange platform.
• Analysing our websites and social networks users’ preferences in order to prepare reports on aggregate trends in the way our content is used, so as to improve our Services.
• Sending you invitations to our events, trade fairs and exhibitions in which we are participating or other events we are supporting.
• Anonymising personal data: We are able to aggregate and anonymise personal data so that they are no longer regarded as personal data. We do this to generate other (non-personal) data for our own exclusive use. (Article 4 (5) – REGULATION (EU) 2016/679.

Legal bases for the use of your personal data

We process your personal data on the basis of your consent. (Article 4 (11) – REGULATION (EU) 2016/679). For example, when you provide us with personal data via the contact forms on our websites, by email, post or a phone call, we consider that you consent to the processing of your personal data that you communicate to us so that we can follow up your enquiry and contact you again with an answer.

We also process your personal data when this is necessary:

• (i) For the performance of a contract to which you are a party, or of precontractual measures taken at your request, for example when you participate in a call for tenders for which you supply us with a tender file;
• (ii) For realising our legitimate interests, which consist principally of undertaking our tasks of developing sites, launching calls for tenders, and following up candidates and their tender files, organising events and undertaking marketing operations;
• (iii) For complying with our legal obligations and regulations to which we are subject.

Disclosure of personal data

We disclose personal data:

• To our subcontractors and third-party service providers (Article 4 (8 & 10) – REGULATION (EU) 2016/679), to facilitate the services they supply to us. These can include providers of services such as website hosting, for the purpose of data analysis, the technical analysis of the data you provide to us within the framework of our calls for tenders, purchasing or recruitment procedures, or other services.
• When you choose to directly disclose or authorise us to disclose your personal data on our websites, social media pages and other communication media.

Apart from cases provided for by laws and regulations or by this data privacy policy, Agora undertakes not to disclose personal data outside its organisation.

2. Other information

“Other information” means any information that does not directly reveal your specific identity or is not directly associated with an identifiable person. This includes in particular:

• Information about the browser and device used to access the websites.
• Information collected using cookies.
• The geolocation and other information provided by you which does not directly reveal your specific identity.
• Information that has been aggregated in such a way that it no longer reveals your specific identity (Article 4 (5) – REGULATION (EU) 2016/679).

We and our service providers can also collect other informaton in various ways, in particular when you visit our websites.

When you use the Websites for information purposes only, i.e. if you do not register for an account for tenders or provide us with information yourself, we collect only the personal data that your browser transmits to our server.(section Make your choices on your browser below)

If you directly consult our websites, we collect the following data, which are technically necessary for us to present these websites to you and to guarantee their stability and security: IP address, date and time of activities, time zone, content of your enquiry, access status/HTTP status code, quantity of data transferred, referring website, browser, operating system and interface, language and version of the browser software.

3. Cookies – Analysis and tracking tools – Matomo – Social media plugins – Google Maps

Cookies

Cookies are stored on your computer when you use our websites directly or through the information campaigns that we organise via the social networks that we implement. Cookies are small text files that are stored on your hard disk in the browser you use, and by means of which certain information is disseminated to the location that placed the cookie. Cookies cannot run programs or transmit viruses to your computer. Cookies are used to make the offer of Services more user-friendly and more efficient.

Our websites use several types of cookies: session cookies and persistent cookies, essential or not essential, analytical cookies (including in connection with the use of social networks that we use).

Session cookies are automatically deleted when you close your browser. Persistent cookies are automatically deleted after a specific period, which can vary depending on the cookie. You can delete the cookies of your choice at any time in the security settings of your browser.
You can also configure the settings of your browser according to your wishes and needs. Please note that depending on your choices you might not be able to use the full functionalities of our websites. (see Making your choices in your browser below).

Analysis and tracing tools

On the site www.agora.lu only, we use the following analysis and tracking tools to measure the effectiveness of our information campaigns, analyse the traffic generated to www.agora.lu from the social networks that we use:

Facebook Pixel:

The pixel is a “piece of code” added to our website www.agora.lu. It enables it to collect user data to track Facebook ad conversions, optimise Agora’s information campaigns, create audiences or retarget people who have already interacted with the website www.agora.lu (retargeting). The Facebook pixel provides the information needed to create better quality Facebook ads and improve targeting.

The website www.agora.lu uses “Facebook Pixel” from Facebook, which links directly with Facebook servers. Your visit to our website is therefore communicated to the Facebook server. Facebook links this information to your personal Facebook user account if you have such an account and are logged in. If you are not a Facebook user or are not logged in to Facebook when you visit our web page, your visit to our web page is not linked to a Facebook user account.
For more information about Facebook’s protection of your personal data, please see Facebook’s data use policy at https://www.facebook.com/about/privacy/.”

LinkedIn Insight tag:

The LinkedIn Insight Tag is used to collect data about members’ visits to the website www.agora.lu, such as URL, referrer, IP address, device and browser (user agent) characteristics, and timestamp. IP addresses are truncated or (when used to reach members on all devices) encrypted and direct member identifiers are removed within seven days to make the data pseudonymous. The remaining pseudonymous data is then deleted within 180 days.
LinkedIn does not share personal data with the website owner; it only provides reports and alerts (that do not identify you) about the website audience and ad performance. LinkedIn also offers to retarget website visitors, allowing the site owner to display personalised ads on its website using these data, but without identifying the member. We also use data that do not identify you to improve the relevance of ads and reach members on all devices. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

For more information on the LinkedIn Insight tag, please see the following link:
https://www.linkedin.com/help/lms/answer/81847/questions-frequentes-sur-le-linkedin-insight-tag?lang=fr

Through the use of these tools, we use the data provided for the following statistics, which are drawn up in such a way that the data used cannot be attributed to a specific data subject without additional information (Article 4 (5) – EU REGULATION 2016/679):

• Traffic
• Interaction and engagement – clicks, sharing, comments, reactions…
• Geographical area
• Demographics
• Performance videos

Use of Matomo (formerly Piwik):

Our websites use the web analysis service Matomo to analyse the traffic and regularly improve the use of our websites. Cookies are stored on your computer for this evaluation. You can configure the settings of your browser to delete existing cookies and prevent such cookies being stored. If you prevent the storage of these cookies, we wish to point out that you might not be able to use the whole of this website.

More information: https://matomo.org.

How to exercise your choices?

Making your choices from the configuration tool

Agora provides you with a simple tool that allows you to set the placing of cookies or the use of analysis or tracking tools according to their category at any time: Necessary, Functional, Performance, Analytical, Advertising, Other

The choices that you make with this tool are valid only for navigating on the Agora websites.

By default, all categories and their contents are activated when you click on “Accept” in the information message generated on the homepage of the websites. With this action you explicitly declare that you agree to this and accept their activation.

Customize privacy settings

Make your choices on your browser

You can also express your choices about cookies on your computer’s browser. In this case, your choices will apply to all your web browsing, not just our websites.

You can set your browser software either so that you are occasionally asked to accept or refuse cookies, before a cookie is likely to be saved, or to systematically accept or refuse the saving of cookies on your device.

We warn you that setting your navigation software to refuse any technical and functional cookies will be likely to have a negative effect on your user experience on the Agora websites, and may even prevent the use of some of our services requiring the use of these same cookies.

Where applicable, we assume no liability for the consequences related to the reduced functionality mode of the Agora websites and of our services resulting from our inability to record or consult the cookies necessary for their operation and which you might have refused or deleted.

For the management of cookies and your choices, the configuration of each browser is different. The help menu of your browser will tell you how to change your cookie preferences.

Use of social media plug-ins

We use the following social media plug-ins: Twitter, LinkedIn, YouTube, Facebook and Instagram. We have no influence over the data collected and the operations used by these social media for processing these data, and we do not assume any liability for their use. These plug-ins enable you to access our social media pages and subscribe to news feeds. They also enable social media platforms (Twitter, LinkedIn, YouTube, Facebook, Instagram) to place cookies on your internet browser and access this, in particular when you interact with these platforms via the plug-ins placed on our websites. These cookies enable the social media to identify you and monitor your internet activity for the purposes of targeted advertising, analyses or market research.

• Twitter, https://twitter.com/en/privacy
• LinkedIn, https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
• YouTube, https://policies.google.com/privacy?hl=en
• Facebook, https://www.facebook.com/policy.php
• Instagram, https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram%20Help&bc[1]=Privacy%20and%20Safety%20Center
  

Link to Google Maps

On the website www.agora.lu we provide a link to Google Maps. We have no influence on the data collected by Google Maps and their data processing and assume no responsibility for their use.

• Google Maps, https://policies.google.com/privacy?hl=en

4. Security

To protect personal data within our organisation we take adequate organisational, technical and administrative measures that are in accordance with the applicable laws and regulations.
To ensure security during the processing of your personal data, Agora has put SSL (Secure Socket Layer) certificates in place on its websites. These certificates guarantee the encryption of the data exchanges between you and the Agora web servers. Nonetheless, if you have reason to believe that your interaction with us is no longer secure, please advise us of this immediately as described in the section “Contacting us” below.

5. Access to personal data and the rights of individuals

Every user enjoys a right of access, modification and objection to the processing of their personal data, a right to restrict the processing, a right of deletion and a right to the portability of their personal data. However, these rights can only be exercised within the limits of any contractual or legal obligation.

Right to information – confirmation

You have the right to ask us to confirm that we process personal data concerning you. If your personal data are processed, you can ask at any time for information about these personal data and their processing, and to receive a copy of them.

Right of correction – modification

You have the ability to ask us to correct or modify any incorrect personal data concerning you. Bearing in mind the purposes of such processing, you have the right to ask us to complete any incomplete personal data.

Withdrawal of consent

When the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the legality of the processing undertaken prior to the withdrawal of such consent.

Right of objection

You have the right to object at any time to the processing of your personal data for the purposes of direct marketing or to realise other legitimate interests. However, we can continue to process your personal data if they are necessary for us within the framework of our pre-contractual or contractual relationship.

Right to the restriction of processing

You have the ability to request the restriction of the processing of your personal data with a view to limiting the instances in which we are able to use them.

Right of withdrawal (“Right to be forgotten”)

You have the right to ask for the deletion of the personal data concerning you. However, please note that we reserve the right to continue to send you administrative or contractual messages within the context of important contractual, technical or regulatory relations from which we are unable to withdraw.

Right to portability

You have a right to the portability of your personal data, which enables you to receive the personal data you did not provide to us yourself, in a structured format that is currently used and machine-readable, and, if technically possible, to have these personal data transmitted to a third party.

In all cases we will do our best to reply to your requests within a reasonable period.

How to access your personal data and exercise your rights?

If you wish to ask to consult, correct, update or delete your personal data or restrict the processing or object to this, or if you wish to receive an electronic copy of your personal data, including so as to be able to transmit them to another company (insofar as this right to the transferability of the data is granted to you by the applicable law), you can do so using the contact details in the section entitled “Contacting us” below. We will reply to your request in accordance with the legal and regulatory provisions in force.

In your request please clearly indicate the personal data you would like to have modified, the uses to which you wish to object, whether you wish your personal data to be deleted from our database, or indicate to us the limits you would like to impose on the use of your personal data. For your protection, we can only implement requests concerning the personal data associated with the particular email or personal address you use to send us your request. We might also need to verify your identity before implementing your request.

Please note that we might possibly need to retain certain personal data for the purposes of record-keeping and/or to complete any transaction that you commenced before requesting a modification or deletion.

6. Retention period

We retain personal data for as long as is necessary in terms of the purposes for which they were obtained, and in accordance with the applicable laws and regulations.

The criteria used to determine our retention periods comprise:

• The duration of our relationship with you and the period for which we have provided you with the Services to ensure the proper maintenance and follow-up of your file (for example, while you have an open account under the heading Call for tenders – www.agora.lu/en/call-for-tenders – or while you continue to use the Services);
• Whether there is a legal obligation to which we are subject; or
• Whether such retention is desirable taking account of our legal situation (for example with regard to limitation periods, disputes or regulatory enquiries).

Unless there are requirements relating to public order, contractual provisions or legal disputes, we shall make every effort not to store your data beyond a period of thirteen (13) months from the last time they were transmitted.

7. Third-party services

This data privacy policy does not address, and we are not liable for, the confidentiality of the information or other usages of any third party, including any third party operating a website or a service with which our Services are connected. The inclusion of a link on our websites and social media pages does not imply that Agora approves of the site in question or the associated service. We are also not liable for any hypertext links provided by third parties that might redirect you to our websites. We reserve the right at any time and without prior notice to prohibit and/or block any link to our websites that has been placed without our authorisation.

In addition we are not liable for the collection, use, disclosure or security policies or practices of other organisations, application developers, application providers, providers of social media platforms, providers of operating systems, providers of wireless services or equipment manufacturers, including with regard to the personal data you disclose to other organisations by means of or in connection with mobile applications or our social media pages.

8. Use of the Services by minors

The Services are not intended for underage persons. The use of the Services by underage persons takes place under the responsibility of their parents or legal guardian. We do not knowingly collect personal data from underage persons.

9. Jurisdiction and cross-border transmission

Your personal data can be stored and processed in any country of the European Union where we have facilities or in which we use service providers (for more information please refer to the section “Imprint”[A1] on our websites). When using the Services, you understand that your personal data can be transmitted to countries outside your country of residence.

10. Sensitive information

As far as possible and unless explicitly required or mandated by the applicable laws and regulations, we ask you neither to communicate to us nor to disclose sensitive personal data (for example, social security numbers, information connected with race or ethnic origin, political opinions, religion or other beliefs, health, biometric or genetic characteristics, or criminal history) on our websites and social network pages or otherwise via the Services.

11. Acceptance of conditions

By using the Services, users confirm that they have read, understood and accepted this data privacy policy. If a user does not accept this data privacy policy, Agora recommends that this user does not use the Services. Continued use of the Services after the publication of modifications made to this data privacy policy shall be regarded as acceptance of such modifications.

12. Updates to the data privacy policy

The heading “Updated” in this data privacy policy indicates the date on which this data privacy policy was last revised. Any change shall come into force when we display the revised data privacy policy on the websites. Such changes can take place without you being directly informed of them. We therefore invite you to consult the data privacy policies of the websites regularly in order to verify whether you still agree to these. Your use of the Services following such changes indicates that you accept the revised data privacy policy.

13. Contacting us

Agora is responsible for the collection, use and disclosure of your personal data in accordance with this data privacy policy.

For any question or intervention relating to this data privacy policy you can contact Agora:

• By email to the following address:
  privacy@agora.lu
  
• By post to the following address:
  Société de développement AGORA s.à r.l. et Cie
  Attention: Délégué à la Protection des Données
  3, avenue du Rock’n’ Roll
  L-4361 Esch-sur-Alzette

14. Supervisory authority

Every user has the right to submit a complaint to the competent supervisory authority, in particular to that of the member state of their usual place of residence or place of work, or for an infringement of the regulations concerning the protection of personal data (in Luxembourg, the National Commission for Data Protection (https://cnpd.public.lu/fen.html).

(*) Only the text in French shall be binding.