GDPR

I. General information

Last update :

30 August 2023

Our engagement

Protecting personal data is a paramount concern for Gridx Management S.A., who, depending on the circumstance, acts as the Data Controller or as the Processor. We take the necessary steps to ensure that your personal data is processed securely in accordance with the GDPR - General Data Protection Regulation.

The following principles guide our commitment to protecting your privacy:

  1. We will always use your personal data in a fair and trustworthy manner and will take all reasonable measures to protect your information from misuse and to keep it safe.
  2. You have the right to be clearly informed about how we use your personal data and to request its correction or deletion. We will always be transparent with you about the data we collect and how we use it.
  3. We comply with all current regulations concerning the protection of personal data and cooperate with the CNPD - National Commission for Data Protection, the Luxembourgish supervisory authority for data protection.

What does this document cover?

It outlines Gridx Management S.A.'s privacy policies, detailing the types of personal data we collect, how we use it, disclose it, and protect it.

How these policies may change

We may modify these privacy guidelines by publishing an updated version. We will provide reasonable notice of any significant changes.

II. Code of Conduct

Processing of personal data

Definitions

In these privacy guidelines, your "personal data" means one or more pieces of information that could identify you, either directly or indirectly. This typically includes information such as your name, address, identifiers, photos/videos, email address, and phone number, but can also encompass information about your past or present professional activities, health and safety data of personnel.

In the course of our activities, we may collect various types of personal data based on the categories of individuals involved.

Employees (permanent staff, temporary staff, interns):

  • Identification data
  • Sensitive data
  • Data relating to personal life
  • Data relating to professional life
  • Recruitment data
  • Login data
  • Geolocation data
  • Data from video surveillance devices

Third parties (prospects, customers, suppliers, service providers):

  • Identification data
  • Data relating to professional life
  • Economic and financial information
  • Data from video surveillance devices.

Users of the website https://www.gridx.lu/:

  • Identification data
  • Recruitment data
  • Login data
  • Data related to Internet activity
  • Data from surveys, forms and newsletter subscriptions

Where the data subject is not a natural person, we collect the personal data described above from their employees, contact persons or designated interlocutors.

How do we collect your personal data?

We may collect this information from different sources, namely:

  • Information you give us directly
  • Information we may collect through our partners, contractors, subsidiaries, group companies and others
  • Information from state organizations (national health fund, occupational medicine, etc.)
  • Information that we collect via automatic collection systems (badges, information system logs, etc.)
  • Information that we collect from operators (telephony, geolocation, etc.).

How do we use your personal data?

We use your personal data as part of the overall management of our business, namely:

  • To provide you with offers of services;
  • Process service contracts we have entered into with you;
  • Manage the delivery, invoicing and payment of our services;
  • Process your invoices as part of our accounting;
  • Establish a customer database;
  • Fulfill legal obligations in professional, social, accounting and tax matters;
  • Fulfill the contractual obligations inherent in the employment contract;
  • Organize the daily management of work within the company without any individual profiling purpose.

How long do we keep your personal data?

When we collect personal data for these specific purposes, we do not keep them longer than necessary for these purposes, unless we need to retain them for legitimate legal or contractual reasons. To protect this data from accidental or malicious destruction, when we remove them from our services, we may not immediately delete residual copies from our servers or backup systems.

Purposes and legal bases of processing

1. Contract management

Gridx Management S.A. processes personal data for the establishment, management and monitoring of contracts established with:

  • Employees: employment contract, internship agreement
  • Third parties: commercial contracts, service contracts, real estate contracts/projects, investment contracts/projects, asset management, management and monitoring of renovation work.

The legal basis for this processing is the performance of a contract or pre-contractual measures, insofar as such processing is necessary for responding to requests received, or for the establishment or performance of the contract in question.

2. Compliance with legal obligations

Gridx Management S.A. processes personal data in the context of its rental, construction and real estate investment management activities.

The legal basis for this processing is the response to the following legal obligations:

  • Social, accounting and tax obligations, namely affiliations, social elections, anti-money laundering procedures, etc.
  • Obligations of professionals in the real estate and construction sector, namely the Quality, Safety, Environment - QSE audit, the ten-year work guarantee, site monitoring, etc.

3. The pursuit of legitimate interests

Gridx Management S.A. processes personal data in order to organize and optimize its services. These treatments concern:

  • Management of personnel, training, remuneration.
  • Organizing travel and trips.
  • Sales, accounting, IT, logistics.
  • Marketing, communication, digital development.
  • Vehicle geolocation.
  • Premises management and surveillance.
  • Protection of property and individuals.
  • Customer satisfaction surveys.
  • Debt collection.
  • Case compilation in case of disputes, pre-litigation or litigation.

The legal basis for this processing is the pursuit of legitimate interests or the safeguarding of vital interests of the data subject or of another natural person.

4. Management of Requests

Gridx Management S.A. processes your personal data in the context of:

  • Management of requests from users of the site https://www.gridx.lu
  • Processing of requests via forms, subscription to newsletters, cookie management.
  • Marketing, communication or profiling operations.

The legal basis for this processing is your consent, which you can withdraw at any time.

Implementation of your consent

When collecting personal data that does not result from a legal or contractual obligation, Gridx Management S.A. informs that their transmission is optional and therefore implies consent for their subsequent computer processing by Gridx Management S.A. in accordance with these conditions.

Consent is not required in the case of processing according to a legal obligation or a contract. For other processes, Gridx Management S.A. does not impose your consent but proposes it before proceeding to different processing options.

Who do we share your personal data with?

As a general rule, we do not share your personal data outside of Gridx Management S.A. However, in the context of managing your personal file, wages, social charges, travel, and donations to foundations, we share your data with carefully selected and controlled subcontractors or partners.

We may also share your personal data with organizations if we believe that disclosure of the information is necessary for legal reasons in the context of prosecution.

Do we transfer your personal data to other countries?

We do not transfer any of your personal data to servers outside the European Union (EU) and use subcontractors committed to keeping your data within the EU. If there's a policy change regarding this, it will be done respecting privacy protection laws, and you will be informed.

When the personal data covered by these rules of conduct is transferred (including in the case of remote access) to non-EU third countries that do not benefit from a European Commission adequacy decision adopted in accordance with Article 25 of Directive 95/46/EC or Art. 45 of the GDPR, Gridx Management S.A. ensures that appropriate guarantees as provided in Chapter V of the GDPR are put in place.

How do we protect your personal data?

We take all reasonable precautions to keep your personal data secure, and we require any third party who handles or processes your personal data for us to do the same.

If Gridx Management S.A. collaborates with other companies, the choice of these companies will only be made after a complete selection process. In this selection process, each individual service provider is carefully selected for its relevance in terms of technical and organizational skills in data protection. This selection procedure will be documented in writing, and a data processing contract will only be concluded if it complies with the identified security requirements, including European and national regulatory requirements.

Access to your personal data is restricted to prevent unauthorized access, alteration, or misuse, and is only allowed for our employees and agents who need it as part of their mission.

III. Specific use of your personal data

Cookies

A cookie is a small text file that is sent to your browser when you visit a website. It can be issued either directly by the server hosting the website you are visiting or by a third-party server to which the website has possibly transmitted your request. By default, your browser retains the cookie and returns it with each new request to the issuing server. A cookie can only be read by the server that placed it. For example, a cookie can contain an identification number to recognize your browser when you interact with the website in question. It can also contain a simple "yes" or "no" answer to, for example, remember your choice regarding cookies.

Cookies are used by Gridx Management S.A. to analyze the use of our website in an anonymous or pseudonymous form and to offer advanced user functionality.

Gridx Management S.A. offers you the possibility to give your consent to the type of cookie allowed, apart from cookies strictly necessary for the proper functioning of the site. The types of cookies and their purposes can be consulted when giving consent.

Of course, this consent can be withdrawn or changed at any time via the following link: Modify your consent.

Use of your data for information and advertising purposes

In addition to providing our services, we also use your personal data to communicate with you about our marketing offers or promotions and to recommend other services that may interest you.

Specifically, we may use your personal data to send you a newsletter if you have explicitly chosen to receive it on our website, in one of our information emails by clicking on a link indicating that you wish to receive our newsletter or by written consent by filling out the consent form.

If you no longer wish to receive information or newsletters from us by email, you can object at any time by contacting us by email or by using the link found in each of our emails or newsletters.

What are your rights and how to exercise them?

If you have any questions, comments or concerns about the way we process your personal data, you can contact the Data Protection Officer by e-mail ([email protected]), by telephone ( +352 49 88 88 664 ) or by mail:

Gridx Management S.A.,
à l’attention de SERTIC Jean-Marc
3, rue Jean Piret
L-2350 Luxembourg

You have the right to:

  • Ask us for a copy of the personal data we hold about you.
  • Ask us to correct, update, or delete your personal data in our records.
  • To report any misuse of your personal data to us.

If you believe that your personal data has not been processed in accordance with the law, you can contact the CNPD ( www.cnpd.lu or[email protected] ) and file a complaint with it.