CHATBOT DATA PROTECTION POLICY ON THE COQUE.LU WEBSITE

The National Sports and Cultural Centre Coque (hereinafter the “CNSC”) is committed to protecting the personal data and the privacy of Chatbot users and, more generally, of anyone using its Services.

All operations involving your personal data are carried out in compliance with the applicable regulations, including in particular:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR);

  • The Law of 1 August 2018 on the organisation of the National Commission for Data Protection;

  • The amended Law of 30 May 2005 on specific provisions for the protection of individuals with regard to the processing of personal data in the electronic communications sector and amending Articles 88-2 and 88-4 of the Code of Criminal Procedure.

This Personal Data Protection Policy aims to inform you of:

  • The types of personal data processing activities we carry out concerning you;

  • The categories of personal data we collect about you;

  • How your personal data is processed by the CNSC;

  • The conditions and terms of use of your personal data and your rights in this regard, in compliance with the European and Luxembourg legislation applicable to the CNSC.

Table of contents
1. IDENTITY OF THE DATA CONTROLLER
2. DATA PROTECTION OFFICER (DPO)
3. DESCRIPTION OF THE PROCESSING OF YOUR PERSONAL DATA
4. TRANSFER OF YOUR PERSONAL DATA OUTSIDE THE EUROPEAN UNION
5. SECURITY OF YOUR PERSONAL DATA
6. HOW TO EXERCISE YOUR RIGHTS REGARDING YOUR PERSONAL DATA
7. AMENDMENTS TO THIS POLICY
8. REFERENCE LANGUAGE

1.    IDENTITY OF THE DATA CONTROLLER

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is the Centre National Sportif et Culturel Coque (CNSC).
Address: 2, rue Léon Hengen, L-1745 Luxembourg
Telephone: +352 43 60 60 1
Email: info@coque.lu

2.    DATA PROTECTION OFFICER (DPO)

For any questions regarding the processing of your personal data carried out by the CNSC, you may contact the Data Protection Officer (DPO) appointed to the National Commission for Data Protection:

By email: dpo@coque.lu
By post:
For the attention of the DPO of the CNSC
2, rue Léon Hengen, L-1745 Luxembourg

3.     DESCRIPTION OF THE PROCESSING OF YOUR PERSONAL DATA

As part of the operation of the website https://coque.lu/, the CNSC collects data about you. These personal data are processed in accordance with, and within the limits of, the purposes specified at the time of collection.

3.1 Legal basis and purpose of the processing of personal data
The purpose of the processing is to provide informational assistance and support to visitors of the CNSC website. It is based on the legitimate interest of the data controller (Article 6.1.f of the GDPR).

3.2 Categories of personal data collected
To achieve these purposes, the CNSC collects the following data from you:
• Client ID and client pseudonym
• Visitor’s email address
• Conversation history
• Connection and browsing data: IP address, IP country location, time the conversation is opened/closed, date of the conversation.

3.3 Retention periods for personal data
Your personal data is kept only for the time strictly necessary to fulfil the purpose of the processing:
• Client ID, pseudonym, and conversation history: retention period of 30 days. If a request is submitted to the reception desk, the conversation history will be retained for the duration of the request’s processing.
• Visitor’s email address: retained until a deletion request is submitted by the visitor.
• Connection and browsing data:
– Technical logs: retention period of 180 days
– Cookies: duration of the session.

3.4 Recipients or persons with access to your personal data
Your personal data is accessible only to:
• Authorized CNSC staff,
• ChatLab, our processor responsible for the development and hosting of the Chatbot, as well as its subsequent subcontractors.

Aside from these recipients, your personal data is not disclosed to third parties. However, the CNSC may be required to transmit your personal data to authorized third parties in order to comply with its legal obligations, particularly in the event of a judicial requisition.

4.    TRANSFER OF YOUR PERSONAL DATA OUTSIDE THE EUROPEAN UNION

The personal data collected by the CNSC is mainly processed within the European Union. However, certain third-party services may involve the transfer of your data outside the EU, notably to certain sub-processors. 

In such cases, the CNSC and its main processor ensure that these transfers comply with the GDPR and European case law by implementing appropriate safeguards, including:

  • The Data Privacy Framework for certain transfers to the United States of America: on 10 July 2023, the European Commission adopted a new adequacy decision for the United States.

    Through this decision, the Commission considers that changes made to U.S. national legislation now ensure an adequate level of protection for personal data transferred from the EU to U.S.-based organisations that comply with this new “Data Privacy Framework”. The list of such organisations is maintained and will be made public by the U.S. Department of Commerce.

    Transfers of personal data from the EU to organisations on this list may therefore be carried out freely, without the need for Standard Contractual Clauses or any other transfer mechanism.

  • The integration of European Commission–approved Standard Contractual Clauses (SCCs) into contracts with service providers.

5.    SECURITY OF YOUR PERSONAL DATA

Taking into account technological developments, implementation costs, the nature of the data to be protected, as well as the risks to the rights and freedoms of individuals, the CNSC implements all appropriate technical and organisational measures to ensure the security of the personal data collected.

These measures include:

  • The use of physical and logical security measures to ensure the availability, integrity and confidentiality of information systems and processed data,

  • Protection of the data against any security breach resulting, accidentally or unlawfully, in the destruction, loss, alteration, unauthorised disclosure of, or access to personal data (personal data breach).

6.    HOW TO EXERCISE YOUR RIGHTS REGARDING YOUR PERSONAL DATA

Within the limits and conditions provided by the GDPR, you have the right to request from the data controller access to your personal data, as well as the rectification or erasure of your data, and the restriction of its processing.

You also have the right to object to the processing of your personal data, in particular the right to object to your data being used for direct marketing purposes.

If, after contacting us, you believe that your rights regarding your personal data are not being respected, you may file a complaint with the National Commission for Data Protection (CNPD) or with the supervisory authority of your country of residence.

To exercise your rights or for any questions about the processing of your data, you may contact us, providing proof of identity, at: dpo@coque.lu

We recommend sending this request by registered mail with acknowledgement of receipt.

7.    AMENDMENTS TO THIS POLICY

This policy may be updated at any time. In the event of substantial changes, users will be informed by notification or email.

8.    REFERENCE LANGUAGE

In the event of discrepancies in interpretation between the various linguistic versions of this policy, only the original French version shall prevail.

 

Last update: December 2025