Privacy Policy

CNSC COQUE DATA PROTECTION POLICY

The Centre National Sportif et Culturel Coque (hereinafter the “CNSC”) is committed to protecting the personal data and privacy of its employees, customers, website visitors, and, more generally, any person using its services. All operations on your personal data are carried out in compliance with the regulations in force and in particular:

The Law of 1 August 2018 on the organisation of the National Commission for Data Protection and implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR), amending the Labour Code and the amended law of 25 March 2015, laying down the processing regime and the conditions and procedures for the promotion of civil servants;
The amended Law of 30 May 2005 on the specific provisions for the protection of the individual with regard to the processing of personal data in the electronic communications sector and amending articles 88-2 and 88-4 of the Code of Criminal Procedure.

The purpose of this Personal Data Protection Policy is to inform you:

The nature of the personal data processing activities we carry out about you
The categories of personal data we collect about you;
The way in which your personal data is processed by the CNSC;
The terms and conditions of use of your personal data and your rights in this regard, in compliance with the European and Luxembourg legislation applicable to the CNSC.

Table of contents
1. IDENTITY OF THE DATA CONTROLLER
2. DATA PROTECTION OFFICER (DPO)
3. DESCRIPTION OF THE PROCESSING OF YOUR PERSONAL DATA
3.1 Creation and management of the personal Webshop account
3.2 Booking of spaces for companies, clubs, federations, schools, institutions (municipalities, ministries, etc.) and groups
3.3 Coque Kaart, subscriptions and related services
3.4 Contests and commercial promotions
3.5 Our communications: newsletter
3.6 Application and job offer
3.7 Hotel room reservation
3.8 Reservation at the restaurant La Coquille
3.9 Management of registrations for activities offered by the CNSC: sports activities, Wellness Centre and children’s activities
3.10 Gift cards
3.11 Management of information read and/or write operations in your electronic communications terminal equipment based on your consent.
4. TRANSFER OF YOUR PERSONAL DATA OUTSIDE THE EUROPEAN UNION
5. SECURITY OF YOUR PERSONAL DATA
6. HOW TO EXERCISE YOUR RIGHTS REGARDING THE USE OF YOUR PERSONAL DATA
7. MODIFICATION OF THIS POLICY
8. REFERENCE LANGUAGE

1. IDENTITY OF THE DATA CONTROLLER

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is the Centre National Sportif et Culturel Coque (CNSC).
Address: 2, rue Léon Hengen, L-1745 Luxembourg
Telephone: +352 43 60 60 1
Email: info@coque.lu

2. DATA PROTECTION OFFICER (DPO)

For any questions regarding the processing of your personal data carried out by the CNSC, you may contact the Data Protection Officer (DPO) appointed to the National Commission for Data Protection:

By email: dpo@coque.lu
By post:
Caring for the DPO of the CNSC
2, rue Léon Hengen, L-1745 Luxembourg

3. DESCRIPTION OF THE PROCESSING OF YOUR PERSONAL DATA

As part of the operation of the website https://coque.lu/, the CNSC collects data about you. These personal data are processed in accordance with, and within the limits of, the purposes specified at the time of collection.

3.1 Creation and management of the personal Webshop account

a) Legal bases and purposes of the processing of personal data

The purpose of the processing is to create and manage your La Coque user account, as well as to access the services offered by the CNSC, and to manage the profiles (children under 16 years old) associated with this account.
• Main account: the processing is based on the legal basis for the performance of the contract
• Profiles (children under 16): the processing is based on the legal basis of legitimate interest.

b) Categories of personal data collected

To fulfil these purposes, the CNSC may collect the following data from you:
• Main account: first name, last name, gender, email address, phone number, date of birth, postal address, communication language, and history of registrations and bookings associated with your account;
• Profiles (children under 16): child’s first name, last name, and date of birth.

c) Retention periods for personal data

Your personal data is kept for the duration of your account, then for a period of three (3) years from your last activity (login or booking), unless there is a longer legal obligation to keep it. It is then securely deleted or anonymized.

d) Recipients or persons accessing your personal data

Your personal data are accessible only:
• To the authorised staff of the CNSC in charge of the management of accounts and associated services;
• Technical service providers (website developer and hosts).

Apart from these recipients, your personal data will not be passed on to third parties. However, the CNSC may be required to transmit your personal data to authorised third parties in order to comply with its legal obligations, in particular in the event of a judicial requisition.

3.2 Booking of spaces for companies, clubs, federations, schools, institutions (municipalities, ministries, etc.) and groups

a) Legal bases and purposes of the processing of personal data.

The purpose of the processing is to manage your reservation of a space, including the taking of reservations, the logistical organization and the provision of the premises; the legal basis is the performance of the contract concluded between the CNSC and the company or person making the reservation.

b) Categories of personal data collected

To meet these purposes, the CNSC may collect the following data from you:
• Name and surname, name of the company, professional contact details (address, e-mail, telephone), information relating to the reservation (date, time, space concerned), nature of the event organised, number of participants, diplomas (for access to the pit), surname and first name of the authorised group leaders (within the framework of access authorisations).
• For school groups, the schools send the CNSC a list of students by class in order to allow access to any latecomers.
• Potential health data collection: Groups can do their own by specific diet or intolerance.

c) Retention periods for personal data

Data relating to bookings is kept for the period necessary for the management of the contract, then archived for a period of five (5) years from the end of the service, in accordance with the rules of civil or commercial prescriptions. Beyond this period, it is securely deleted or anonymised, unless otherwise required by law.

d) Recipients or persons accessing your personal data

Your personal data is accessible only:
• To the authorised staff of the CNSC in charge of managing space reservations,
• Service providers involved in event management.

Apart from these recipients, your personal data will not be passedon to third parties. However, the CNSC may be required to transmit your personal data to authorised third parties in order to comply with its legal obligations, in particular in the event of a judicial requisition.

3.3 Coque Kaart, subscriptions and related services

a) Legal bases and purposes of the processing of personal data

The purpose of the processing is the creation and management of your Coque Kaart card, the management of your subscription (including, where applicable, its exceptional extension in the event of closure or justified impediment), as well as the management of the associated services (access, benefits, monitoring of use). The legal basis is the performance of the contract between the CNSC and the user.

b) Categories of personal data collected

To enable the management of your subscription or the issuance and management of the Coque Kaart, the CNSC collects the following data:
• Name and surname, postal address, email address, telephone number, date of birth, photograph of the holder (mandatory for the edition of the Coque Kaart), customer number and tracking information related to the subscription or associated services,
• Potential collection of health data: medical certificate.

c) Retention periods for personal data

The data is kept for the entire period of validity of the Coque Kaart, then archived for a maximum period of three (3) years from the end of the subscription, unless there is a longer legal obligation to keep it. After this period, it is securely deleted or anonymised.

d) ) Recipients or persons accessing your personal data

Your personal data are accessible only:
• To the authorized staff of the CNSC,
• Technical service providers (subscription management, payment, printing, card encoding)

3.4 Contests and commercial promotions

a) Legal bases and purposes of the processing of personal data

The purpose of the processing is the organisation, management and monitoring of competitions and one-off commercial events organised by the CNSC on the legal basis of your consent.

b) Categories of personal data collected

To meet these purposes, the CNSC may collect the following data from you: surname, first name, email address, telephone number, age for children, postal address, and, where applicable, the data necessary for the delivery of the prizes.

c) Retention periods for personal data

Data collected in the context of a competition or a commercial event are kept for the time necessary for their organisation and the delivery of any prizes, then deleted within six (6) months, unless there is a legal obligation or litigation justifying a longer retention.

d) Recipients or persons accessing your personal data

Your personal data are accessible only:
• To the authorized staff of the CNSC,
• Service providers involved in the management of the competition or the sending of the prizes (marketing agency, delivery service).

3.5 Our communications: newsletter

a) Legal bases and purposes of the processing of personal data

The purpose of the processing is to send information, news and offers about the CNSC, and to send reminder emails about your shopping cart, based on your consent.

b) Categories of personal data collected

To meet these purposes, the CNSC may collect the following data from you
• Newsletter: name, surname and email address.
• Cart reminders: email address

c) Retention periods for personal data

• Newsletter: your data is kept until you withdraw your consent (unsubscribe) or, failing that, for a maximum period of three (3) years from the last active contact (e.g. opening of the newsletter), unless there is a legal provision for a longer period.
• Cart reminders: Your email address is deleted after two reminders.

d) Recipients or persons accessing your personal data

Your personal data is accessible only:
• To the relevant staff of the CNSC,
• To its service provider Mailchimp, which is responsible for the development and hosting of the newsletter management tool.

3.6 Application and job offer

a) Legal bases and purposes of the processing of personal data

The purpose of the processing is to manage your application. On the legal basis of the execution of pre-contractual measures taken at your request, and where applicable on the legitimate interest of the CNSC to constitute a pool of applications for future recruitment.

b) Categories of personal data collected

To meet these purposes, the CNSC may collect the following data:
• Identity: last name, first name, date of birth, nationality.
• Contact data: email address, telephone, postal address.
• Personal life: marital status, number of children.
• CV, cover letter, diplomas, professional experience, interview test, and, where applicable, any other information provided as part of your application.

c) Retention periods for personal data

The data is retained:
• Throughout the recruitment process,
• Then, in the event of a negative outcome, archived for a maximum period of 2 years, unless you object, in order to contact you again for possible opportunities.

Beyond that, they are deleted or anonymised in a secure manner.

d) Recipients or persons accessing your personal data

Your personal data are accessible only:
• Authorized staff of the CNSC
• HR service providers involved in our recruitment processes

Apart from these recipients, your personal data will not be passed on to third parties. However, the CNSC may be required to transmit your personal data to authorised third parties in order to comply with its legal obligations, in particular in the event of a judicial requisition.

3.7 Hotel room reservation

a) Legal bases and purposes of the processing of personal data

The purpose of the processing is to manage your hotel reservation and to establish the accommodation form required by Luxembourg law. It is based on the legal basis for the performance of the contract relating to your booking and on the legal obligation to draw up and transmit the accommodation record to the competent authorities.

b) Categories of personal data collected

To meet these purposes, the CNSC may collect the following data from you: surname, first name, email address, postal address, telephone number, nationality, country of residence.

c) Retention periods for personal data

Your data is kept for the time necessary to manage the booking, then archived for a maximum period of 10 years in accordance with accounting and tax obligations, unless otherwise provided for by the legislation applicable in Luxembourg.
Accommodation records are kept for a period of six months, at the end of which they are automatically deleted.

d) Recipients or persons accessing your personal data

Your personal data are accessible only:
• To the relevant CNSC staff,
• To the provider Protel (software EU),
• at the Booking.com platform (EU platform),
• Accommodation forms: to the competent authorities via MyGuichet.lu (CTIE).

3.8 Reservation at the restaurant La Coquille

a) Legal bases and purposes of the processing of personal data

The purpose of the processing is to manage your reservation for lunch or dinner at the restaurant La Coquille. The legal basis for the processing is the performance of the contract. Data relating to dietary preferences or restrictions, when provided, are collected with your explicit consent and are used only to adapt the service.

b) Categories of personal data collected

To meet these purposes, the CNSC may collect the following data from you: surname, first name, email address, telephone number and optionally your preferences and dietary restrictions.

c) Retention periods for personal data

The data is kept for the time necessary to manage your booking, then archived for a maximum period of 3 years, unless otherwise required by law. Dietary preferences or restrictions are removed immediately after the service unless express consent is given for longer storage.

d) Recipients or persons having access to your personal data

Your personal data is accessible only:
• To the authorized staff of the CSNC,
• To its service provider Zenchef, which manages online bookings and manages flows.

3.9 Management of registrations for activities offered by the CNSC: sports activities, Relaxation Centre and children's activities

a) Legal bases and purposes of the processing of personal data

We collect and use your data to:
• Manage your sport registration,
• Manage your reservation at the Wellness Centre,
• Manage your registration for children’s activities (birthdays and camps).

This processing is based primarily on the legal basis for the performance of your contract with us, as well as on legal obligations.
The collection of your health data, or that of your minor child, is subject to your explicit consent.

b) Categories of personal data collected

To meet these purposes, the CNSC may collect the following data from you:
• Your identity and contact information: last name, first name, date of birth, contact details,
• For sports camps: name and first name of the representative, email address and telephone number, sport concerned, number of participants in the camp,
• Data related to your registration: activity, dates, number of participants,
• Your billing data,
• If necessary: certificates of fitness, restrictions, and dietary requirements,
• For children, contact details of the legal representative and specific information (with consent).

c) Retention periods of personal data

Your data is kept for a limited period of time:
• Up to 5 years after the last activity for registration data,
• 10 years for invoicing data in accordance with accounting obligations,
• For child events, medical data is deleted immediately after the event, other data is kept for up to 3 years for management or 10 years for billing.

After these periods, your data will be deleted or anonymised.

d) Recipients or persons accessing your personal data

Your personal data are accessible only:
• To the authorized staff of the CNSC,
• A Michel Consulting (EU platform for shop.coque.lu) for which the transfer is encrypted using the most secure and up-to-date SSL data transmission procedures.

3.10 Gift cards

a) Legal bases and purposes of the processing of personal data

The purpose of the processing is the purchase and management of the gift cards, on the legal basis of the performance of the contract concluded with the buyer.

b) Categories of personal data collected

To meet these purposes, the CNSC may collect the following data from you: first and last names of the offeror, first and last name, email address of the beneficiary of the gift card

c) Retention periods of personal data

Personal data relating to the purchase and use of gift cards is kept for a period of 1 year after the expiry date of the card's validity, i.e. a maximum of 2 years from the date of purchase, in order to be able to manage claims or disputes.

Data related to invoicing (buyer) is kept for 10 years, in accordance with the accounting obligations applicable in Luxembourg.

d) Recipients or persons accessing your personal data

Your personal data is accessible only to authorized staff of the CNSC,Apart from these recipients, your personal data is not communicated to third parties. However, the CNSC may be required to transmit your personal data to authorised third parties in order to comply with its legal obligations, in particular in the event of a judicial requisition.

3.11 Management of information read and/or write operations in your electronic communications terminal equipment based on your consent.

Consult our Cookie Policy.

4. TRANSFER OF YOUR PERSONAL DATA OUTSIDE THE EUROPEAN UNION

The personal data collected by La Coque is mainly processed within the European Union. However, some third-party services may involve transferring your data outside the EU, including:
• Mailchimp (The Rocket Science Group, LLC, United States), used for newsletter management and subscriber lists.
• Booking.com B.V., Netherlands: Transfers outside the EU with appropriate safeguards (standard contractual clauses).

In these cases, the CNSC ensures that such transfers are carried out in accordance with the GDPR and European case law by implementing appropriate safeguards, including:

a) Transfer to the United States of America:

On 10 July 2023, the European Commission adopted a new adequacy decision concerning the United States.

With this decision, the Commission considers that the amendments made by the United States to its national legislation now ensure an adequate level of protection of personal data transferred from the EU to organisations located in the United States when they comply with this new "data protection framework". The list of these organizations is being kept up to date and will soon be made public by the U.S. Department of Commerce.
Transfers of personal data from the European Union to the organisations on this list can therefore be carried out freely, without a specific framework in the form of "standard contractual clauses" or any other transfer instrument.

• For our newsletter, we use the "Mailchimp" service offered by The Rocket Science Group, LLC (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA). This data will be processed exclusively for the purpose of sending our newsletters. Information collected through this feature is usually sent to and stored on one of the servers located in the United States. As The Rocket Science Group is not certified under the Data Privacy Framework, the transfer of personal data to this recipient is covered by the following standard contractual clauses.
• To measure the audience of our website, we use Google Analytics, a service offered by Google Inc 1600 Amphitheatre Parkway, Mountain View, CA 94043. As Google Inc is certified under the Data Privacy Framework, this transfer does not require any specific framework in the form of "standard contractual clauses" or any other transfer instrument.

b) The integration of Standard Contractual Clauses (SCCs) validated by the European Commission in contracts with these providers.

c) The implementation of additional technical and organisational measures,

such as encrypting data before transmission, pseudonymisation when possible, as well as rigorous monitoring of data during transfer and storage.

5. SECURITY OF YOUR PERSONAL DATA

Taking into account the evolution of technologies, the costs of implementation, the nature of the data to be protected as well as the risks to the rights and freedoms of individuals, the CNSC implements all appropriate technical and organisational measures to guarantee the security of the personal data collected.
These measures include:
- The use of physical and logical security means to guarantee the availability, integrity and confidentiality of the information systems and the data processed,
- Protecting data against any breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data (personal data breaches).

6. HOW TO EXERCISE YOUR RIGHTS REGARDING THE USE OF YOUR PERSONAL DATA

Within the limits and under the conditions permitted by the GDPR, you have the right to request from the controller access to your personal data, rectification or erasure of your personal data and restriction of the processing of your personal data.
You also have the right to object to the processing of your personal data, in particular the right to object to your data being used for commercial prospecting purposes.

If, after contacting us, you believe that your rights over your personal data are not respected, you may file a complaint with the National Data Protection Commission (CNPD) or the Supervisory Authority of your place of residence.

To exercise these rights or for any questions about the processing of your data, you can contact us by justifying your identity and by contacting the CNSC, by electronic means: dpo@coque.lu.

We recommend sending your request via registered mail with acknowledgment of receipt.

7. MODIFICATION OF THIS POLICY

This policy may be updated at any time. In the event of a substantial change, users will be informed by a notification or an email.

8. REFERENCE LANGUAGE

In the event of a discrepancy in interpretation between the different language versions of this policy, only the original French version shall prevail.

Last modification: November 2025