We are very pleased about your interest in our company. Data protection has a particularly high priority for the management of Coproprieté Niederkorn Mall. The use of the website of Coproprieté Niederkorn Mall is generally possible without providing any personal data. However, if a data subject wishes to use special services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data—such as the name, address, email address or telephone number of a data subject—is always carried out in accordance with the General Data Protection Regulation and with the country-specific data protection provisions applicable to Coproprieté Niederkorn Mall. By means of this privacy policy, our company wishes to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, this privacy policy informs data subjects of the rights to which they are entitled.
As the controller, Coproprieté Niederkorn Mall has implemented numerous technical and organisational measures to ensure the most complete protection possible of the personal data processed through this website. Nevertheless, internet-based data transmissions may generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
The privacy policy of Coproprieté Niederkorn Mall is based on the terms used by the European legislator in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public, as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
In this privacy policy we use, inter alia, the following terms:
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any form of automated processing of personal data consisting of the use of said data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that person.
Pseudonymisation is the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
The controller or controller responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
A recipient is a natural or legal person, public authority, agency or another body to which personal data are disclosed, whether a third party or not.
A third party is any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
Controller for the purposes of the GDPR, other applicable European data protection laws and data protection regulations is:
Coproprieté Niederkorn Mall
Toni Travessa & Antonio Tavares
50, Rue des Prés
L-7333 Steinsel
Luxembourg
Contact
Telephone: +352 621 228 090
Email: a.leidinger@lei-realinvest.com
Website: https://niederkornmall.com
The website of Coproprieté Niederkorn Mall uses cookies. Cookies are text files that are stored on a computer system via an internet browser. Many websites and servers use cookies. Many cookies contain a cookie ID—a unique identifier of the cookie. This ID consists of a string of characters through which webpages and servers can be assigned to the specific browser in which the cookie was stored. This allows visited webpages and servers to distinguish the browser of the data subject from other internet browsers that contain other cookies.
Through the use of cookies, Coproprieté Niederkorn Mall can provide users of this website with more user-friendly services that would not be possible without the use of cookies.
Cookies can be used to optimise the information and offerings on our website in the interests of the user. As mentioned, cookies enable us to recognise the users of our website. The purpose of this recognition is to make it easier for users to utilise our website. For example, a user of a website that uses cookies does not need to enter login data each time they visit the site, because this is taken over by the website and the cookie stored on the user’s computer system.
Data subjects may prevent the setting of cookies by our website at any time through a corresponding setting of the internet browser and thus permanently refuse the setting of cookies. Furthermore, already set cookies may be deleted at any time via an internet browser or other software programmes.
The website of Coproprieté Niederkorn Mall collects a series of general data and information each time a data subject or an automated system accesses the website. These general data and information are stored in the server log files.
Collected may be:
the browser types and versions used
the operating system used by the accessing system
the webpage from which an accessing system reaches our website (referrer)
the sub-pages accessed via an accessing system on our website
the date and time of access
an Internet Protocol address (IP address)
the internet service provider of the accessing system
any other similar data and information that may serve the purpose of security in the event of attacks on our IT systems
When using these general data and information, Coproprieté Niederkorn Mall does not draw any conclusions about the data subject.
Rather, this information is required to:
deliver the content of our website correctly
optimise the content of our website
ensure the long-term functionality of our IT systems and website technology
provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack
These anonymously collected data and information are therefore evaluated statistically and also with the aim of increasing data protection and data security within our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
The website of Coproprieté Niederkorn Mall contains information which enables quick electronic contact with our company as well as direct communication with us. This includes a general address of electronic mail (email address).
If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted voluntarily by a data subject are stored for the purpose of processing or contacting the data subject. There is no transfer of these personal data to third parties.
The controller processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject.
If the storage purpose no longer applies, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
Every data subject has the rights granted by the European legislator. These include:
Each data subject has the right to obtain confirmation from the controller as to whether personal data concerning them is being processed.
Each data subject has the right to obtain free information from the controller about the personal data stored about them and a copy of this information.
The European legislator also grants access to the following:
the purposes of the processing
the categories of personal data concerned
the recipients to whom the data have been or will be disclosed
the envisaged retention period or the criteria used to determine that period
the existence of the right to rectification or erasure
the right to restrict processing
the right to object
the right to lodge a complaint with a supervisory authority
where the data are not collected from the data subject, information about their origin
the existence of automated decision-making, including profiling
Every data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning them, and to have incomplete personal data completed.
Every data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay where one of the following grounds applies:
the personal data are no longer necessary
consent is withdrawn and no other legal ground exists
objection is made and no overriding legitimate grounds exist
the data were unlawfully processed
erasure is required by law
the data were collected in relation to information society services
If Coproprieté Niederkorn Mall has made the personal data public and is obliged to erase them, we will take reasonable steps to inform other controllers processing those data that the data subject has requested erasure of links, copies or replications.
The data subject has the right to restrict processing if:
the accuracy of the personal data is contested
the processing is unlawful and the data subject opposes erasure
the controller no longer needs the data, but they are required by the data subject for legal claims
the data subject has objected and a verification is pending
The data subject has the right to receive the personal data they provided in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance.
They also have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The data subject may object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them.
Coproprieté Niederkorn Mall will stop processing unless we demonstrate compelling legitimate grounds.
If personal data are processed for direct marketing, the data subject has the right to object at any time.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects.
The data subject may withdraw consent at any time.
The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also take place electronically. This is particularly the case if an applicant submits relevant documents to the controller electronically, for example by email or via a web form on the website.
If the controller concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion.
A legitimate interest in this context would include the duty of proof in proceedings under the General Equal Treatment Act (AGG).
The controller has integrated components of the company Facebook on this website. Facebook is a social network.
A social network is a social meeting place operated on the internet, an online community that generally enables users to communicate and interact with each other in virtual space. A social network may serve as a platform for exchanging opinions and experiences or allow the internet community to provide personal or company-related information.
Among other features, Facebook allows users of the social network to create private profiles, upload photos and network via friend requests.
The operator of Facebook is:
Facebook, Inc.
1 Hacker Way
Menlo Park, CA 94025
USA
For users living outside the USA or Canada, the controller is:
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland
Each time one of the individual pages of this website, operated by the controller, is accessed and on which a Facebook component (Facebook plug-in) is integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook.
A complete overview of all Facebook plug-ins can be found at:
https://developers.facebook.com/docs/plugins/
During this technical procedure, Facebook is informed of which specific subpage of our website the data subject visited.
If the data subject is logged in to Facebook at the same time, Facebook recognises which specific page they visit during the entire duration of their stay.
When a data subject clicks on one of the integrated Facebook buttons such as the “Like” button or leaves a comment, Facebook assigns this information to the personal Facebook account of the data subject and stores this personal data.
Facebook always receives information via the Facebook component that the data subject has visited our website if they are logged in to Facebook at the time of access.
If such transmission of information to Facebook is not desired, the data subject can prevent this by logging out of their Facebook account before accessing our website.
The data policy published by Facebook, available at:
https://www.facebook.com/about/privacy
provides information on the collection, processing and use of personal data by Facebook.
The controller has integrated the component Google Analytics (with anonymisation function) on this website. Google Analytics is a web analytics service.
Web analytics is the collection, gathering and evaluation of data about the behaviour of visitors to websites. A web analytics service collects, inter alia, data about:
the website from which a data subject came (referrer)
which subpages are accessed
how often
and for how long
Google Analytics is operated by:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
The controller uses the “_gat._anonymizeIp” extension. By means of this extension, the IP address of the internet connection of the data subject is shortened and anonymised by Google when access occurs from within a member state of the EU or another state party to the EEA.
The purpose of Google Analytics is:
analysis of visitor flows
compilation of online reports for the controller
providing further services related to website use
Google Analytics sets a cookie on the IT system of the data subject.
Through Google Analytics, personal data such as:
access time
location from which access originated
frequency of visits
are transmitted to Google in the USA. These data are stored by Google. Google may pass personal data collected through this technical process to third parties.
The data subject may prevent the setting of cookies by our website at any time by adjusting browser settings. They may also delete cookies already set.
Furthermore, a browser add-on is available to prevent data collection by Google Analytics:
Opt-out tool:
https://tools.google.com/dlpage/gaoptout
If the IT system of the data subject is later deleted or reset, the add-on must be reinstalled.
More information:
https://policies.google.com/privacy
https://www.google.com/analytics/terms/
The controller has integrated components of the Instagram service on this website. Instagram is a social platform enabling users to share photos and videos and distribute such data in other social networks.
The operator of Instagram is:
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland
Each time one of the individual pages on this site is accessed and an Instagram component (Insta button) is integrated, the internet browser of the data subject is prompted to download the Instagram component.
If the data subject is logged in to Instagram at the same time, Instagram recognises each visit to our site and each specific subpage accessed.
If a data subject clicks an Instagram button, the transmitted data are assigned to their personal Instagram account.
If such transmission is not desired, logging out of Instagram before accessing our website will prevent it.
Further information and applicable Instagram privacy provisions:
https://help.instagram.com/155833707900388
https://www.instagram.com/about/legal/privacy/
Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, with processing operations required for the supply of goods or the provision of any service, the processing is based on Art. 6(1)(b) GDPR.
The same applies to such processing operations that are necessary for carrying out precontractual measures, for example in cases of enquiries concerning our products or services.
If our company is subject to a legal obligation by which processing of personal data becomes necessary – such as for the fulfilment of tax obligations – the processing is based on Art. 6(1)(c) GDPR.
In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. For example, this would be the case if a visitor was injured in our business premises and their name, age, health insurance data or other vital information had to be transmitted to a doctor, hospital or other third party.
Finally, processing operations could be based on Art. 6(1)(f) GDPR. This legal basis is used for processing operations which are not covered by any of the aforementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. The legislator considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47, GDPR).
Where the processing of personal data is based on Art. 6(1)(f) GDPR, our legitimate interest is the proper conduct of our business activities for the benefit of our employees and shareholders.
The criterion used to determine the storage period of personal data is the respective statutory retention period. After the expiry of that period, the corresponding data are routinely deleted, provided they are no longer necessary for the fulfilment or initiation of a contract.
The provision of personal data may sometimes:
be required by law (e.g., tax regulations),
result from contractual provisions (e.g., details of the contracting party), or
be necessary for the conclusion of a contract.
Sometimes it may be necessary that a data subject provides us with personal data that we subsequently need to process. For example, the data subject may be obliged to provide us with personal data when our company concludes a contract with them.
Failure to provide this data may result in the contract not being concluded.
Before providing personal data, the data subject must contact any employee. The employee will clarify whether the provision of personal data is required by law or contract or necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision.
As a responsible company, we do not use automated decision-making or profiling.
