To align the provided legal notice with Luxembourgish law specifically, we can adjust it by focusing on key areas regulated under Luxembourg's data protection laws, which align closely with the EU's General Data Protection Regulation (GDPR). Here’s how the text might be adapted:
Privacy Policy
Your expectations of our product and service quality set the benchmark for how we handle your data. Our objective is to foster and maintain a trustworthy business relationship with our customers and prospects. The protection and confidentiality of your personal data are of paramount importance to us.
Privacy Notice
The data controller, according to the General Data Protection Regulation ("GDPR") and Luxembourg's data protection laws, is:
Petite Suisse Country Club ASBL and Golf Resorts and Real Estate Luxembourg Sàrl
46 Am Lahr, L-7641 Christnach, Luxembourg
Email: info@pscc.lu
Represented by Managing Director: Patrick LESKE, Engineer
Registered in the Luxembourg Trade and Companies Register under No.: B185866
Data Protection Officer
C. F. ROTHBAUM GmbH
Meilbrücker Straße 8, 54636 Idenheim, Germany
DATA PROTECTION
We value your visit to our websites and your interest in our offerings. Protecting your personal data is a critical concern for us. In these privacy notices, we detail the manner in which we collect, handle, and use your personal data, the purposes of such processes, their legal bases, and the rights and claims available to you under Luxembourg law.
Our privacy notices for website usage do not cover your activities on the websites of social networks or other providers accessed via links from our websites. We encourage you to review the privacy policies on those websites.
COLLECTION AND PROCESSING OF YOUR PERSONAL DATA
a. Visiting our websites triggers the storage of specific information such as the browser and operating system used, visit time and date, access status, use of website features, search terms, frequency of webpage visits, names of retrieved files, data volumes transferred, source and subsequent destination websites after visiting ours. For security purposes, notably to prevent and detect attacks or fraud attempts, your IP address and the name of your Internet Service Provider are stored for seven days.
b. Other personal data are processed only when you provide such data, e.g., during registration, via a contact form, chat, survey, contest, or in contract execution. In these instances, data processing is limited to what is permissible under the consents you have granted (including for international data transfers as noted in item 12) or as allowed by applicable legal provisions, including Luxembourg's data protection laws (see item 7).
c. You are not obliged to provide personal data by law or contract. However, some website functions may rely on the provision of personal data. If you choose not to provide necessary data, certain functionalities may be unavailable or limited.
PURPOSES OF USE
a. Personal data collected during your website visits are used to enhance user experience and protect our IT systems from illegal actions.
b. If you supply additional personal data via registration, forms, surveys, contests, or contracts, we use this data for customer management, transaction processing, and billing as necessary.
c. We may use personal data for additional purposes, such as displaying personalized content or advertising based on user behavior, provided you consent via our Consent Management System.
d. We also process personal data as legally required (e.g., for compliance with commercial or tax laws, or following governmental or judicial orders).
TRANSFER OF PERSONAL DATA TO THIRD PARTIES; SOCIAL PLUG-INS; USE OF SERVICE PROVIDERS
a. Our websites may feature third-party offers. By clicking on such offers, we transmit necessary data to the respective provider.
b. We use "social plug-ins" from networks like Facebook and Twitter by initially disabling them to prevent data transmission. Activation occurs only upon your action, which connects directly to the network server, potentially linking the visit to your account if logged in.
c. Activating a link or social plug-in may transmit personal data to non-EU countries. Please consider this before activating any link or plug-in.
COOKIES
a. Our websites use cookies to improve your experience. These may include HTML cookies, Web/DOM Storage, and Local Shared Objects (or "Flash cookies").
b. The use and management of cookies depend on your browser settings, which can be adjusted to refuse non-essential cookies. You can delete existing cookies via browser settings.
SECURITY
We employ technical and organizational measures to protect your data from manipulation, loss, destruction, or unauthorized access, continually updating these measures in line with technological advancements.
LEGAL BASIS FOR DATA PROCESSING AND COOKIES
a. Processing based on your consent, contract fulfillment, legal obligations, or our legitimate interests (like direct marketing and IT security) is grounded in GDPR and Luxembourg law.
DELETION OF YOUR PERSONAL DATA
We delete your IP address and the name of your Internet Service Provider, which we store for security reasons, after seven days. Otherwise, we delete your personal data as soon as the purpose for which the data was collected and processed is no longer applicable. Storage beyond this point only occurs as far as required by laws, regulations, or other legal provisions to which we are subject in the EU or in third countries, provided there is an adequate level of data protection. If deletion is not possible in individual cases, the relevant personal data will be marked with the aim of limiting their future processing.
DATA SUBJECT RIGHTS
a. As a data subject, you have the right to access (Art. 15 GDPR), correction (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), and data portability (Art. 20 GDPR).
b. If you have consented to the processing of your personal data by us, you have the right to withdraw that consent at any time. The legality of the processing of your personal data until revocation is not affected by the revocation. Further processing of this data based on another legal basis, such as to fulfill legal obligations, also remains unaffected.
c. Right to object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data, which is based on Art. 6 Para. 1 e) GDPR (data processing in the public interest) or Art. 6 Para. 1 f) GDPR (data processing on the basis of a balance of interests). If you object, we will only further process your personal data if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
d. We kindly ask you to direct your claims or declarations to the following contact address whenever possible: datenschutz[at]rothbaum.eu
e. If you believe that the processing of your personal data violates legal requirements, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).
NEWSLETTER
If you subscribe to a newsletter offered on our website, the data provided at the time of registration will be used only for sending the newsletter, unless you consent to further use. You can cancel the subscription at any time using the unsubscribe option provided in the newsletter.
DATA TRANSFER TO RECIPIENTS OUTSIDE THE EUROPEAN ECONOMIC AREA
a. When using service providers (see item 4.d) and transferring data with your consent to third parties (see item 3.c), personal data may be transferred to and processed in countries outside the European Union (EU), Iceland, Liechtenstein, and Norway (European Economic Area), especially to the USA and India.
b. The following countries have been deemed by the EU to provide an adequate level of data protection (adequacy decision): Andorra, Argentina, Canada (limited), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, South Korea, Uruguay, United Kingdom. With recipients in other countries, we apply EU standard contractual clauses, binding corporate rules, or other permissible mechanisms to create an adequate level of protection according to legal requirements. We are happy to provide more information on this through the contact details mentioned in item 9.d above.
c. If you consent in our Consent Management System, your consent also applies to the transfer of data to recipients in countries outside the European Economic Area where there is no adequate level of data protection. Information on the transmitted data, data recipients, or categories of data recipients, and the relevant countries can be found in our Consent Management System. In these countries, there may be no data protection law comparable to that of the European Economic Area, possibly affecting data subject rights and the ability to pursue data protection violations, among other things. Public authorities in these countries might access and use the data for different purposes more easily than in the European Economic Area. These circumstances may only be partially mitigated by special measures.