Dateschutzrichtlinn
GDPR - General Data Protection Regulation: General Information Notice
It is of the utmost importance to us to respect the rights of individuals when it comes to processing personal data, hereinafter referred to as “data”. This statement explains what kind of personal data we collect, how we use it and how we ensure to guarantee its security (integrity, confidentiality, and availability). It also aims to inform you about your rights and how to exercise these.
1. What is the regulation on personal data protection?
As of 25 May 2018, the General Data Protection Regulation (GDPR) is applicable in all member countries of the European Union. This text aims to protect individuals and, more specifically, the processing along with the free flow of personal data.
The above-mentioned regulation aims to give European citizens more control over their personal data, make companies more accountable and reinforce the role of the local data protection authorities (CNPD - Commission Nationale de la Protection des Données in Luxembourg).
2. To whom is this notice intended for?
The GDPR applies to the processing of personal data of living natural persons, i.e. our customers and ex-customers, prospects, suppliers, employees, etc. Further information in terms of the personal data process for any other person, whose personal data is being processed by Leneda, is available in this notice.
What is meant by “personal data” and “processing”?
Personal data:
- any information relating to an individual who can be identified or an identifiable natural person (“data subject”);
- an identifiable natural person is one who can, whether directly or indirectly, be identified, in particular based to an identifier such as a name, an identification number, a location data, an online identifier or to specific factors related to the physical, physiological, genetic, mental, economic, cultural or social identity of an individual person;
Processing:
- any action or set of operations performed on personal data, whether by collection, recording, organization, structuring, storage, adaptation, modification, retrieval, consultation, use, disclosure by transmission, sharing, availability, alignment, combination, restriction, deletion, or destruction;
3. How do we collect your data?
a. Personal data transmitted directly by the data subject
You directly provide Leneda with most of the data we collect. We collect data and process data when you:
- Register online
- Voluntarily consent to have your Delivery Service Operator share your data with Leneda.
b. Personal data collected through automated procedures
We collect personal data via the exchange of computer systems.
We exchange information:
- within the framework related to the organization of the energy markets, mainly with the energy supplier of your choice,
- with financial institutions to pay your invoices.
We collect data from the network’s technical installations with the purpose of managing this in connection with the services / offers requested, or as part of our obligations.
4. The personal data we collect
In order to provide high quality services and offers, we only collect the minimum of data required for the implementation.
All this data is collected in compliance with the law or with the aim to best meet our commitments.
The data we collect may include the following:
- Identification information: We collect your first, last name and birthdate.
- Contact details: We collect your e-mail address, your postal address, your landline or cell phone number, the language in which you communicate and honorific title and other similar contact data.
- Identifiers: In specific cases (public contracts, etc.), we collect hashed (non-reversible encryption) passwords and similar security information used for the authentication and the access to your account.
- Financial data: We collect the data required to process your payments, in particular via SEPA mandates. (future storage and usage as per October 2024). We can collect VAT numbers.
- Contractual data: We collect the necessary data for the completion and the accurate execution of the contract (orders).
- Customer’s consumption data: As part of the network usage, we collect the information related to the consumption of a customer per ¼ hour (electricity) / per hour (gas) or the annual consumption. For forecasting purposes of the network management, we also collect your standard type of consumption profile.
- Technical data: We collect technical data relating to the characteristics of technical installations, which are used to manage the installations themselves as well as the network, in order to define and control the conditions of a contract in terms of the fees.
- Company mandates data: in case of company mandating a professional we collect information on function, company, work mail and other similar information.
We collect energy measurement data including load curves and meter reads.
Our Company uses functionality cookies to keep you signed in.
5. How will we use your data?
Our Company collects your data so that we can:
- Manage your account.
- Pursue its legal obligations, especially the amended Law of August 1, 2007, related to the organisation of the electricity market.
- Provide reporting to the authorities in application of national or European legislation.
- Provide your Supplier with the data necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
6. Our process in detail
Processing of personal data for which Leneda is the data controller
| Category | Details |
|---|---|
| 1) Business Partner Person Onboarding | Legal Basis:
Possible recipients of personal data:
Retention period of personal data: Data collected will be kept for 15 years after the last contract expiration Type of personal data processed:
|
| 2) Mandate/Delegation/Granting of Access Rights | Legal Basis:
Possible recipients of personal data:
Retention period of personal data: Data collected will be kept for 15 years after the last contract expiration Type of personal data processed:
|
| 3) Access to Metering Point | Legitimate Basis:
Possible recipients of personal data:
Retention period of personal data: Data collected will be kept for 15 years after the last contract expiration Type of personal data processed:
|
| 4) Leneda Platform Operational and Security Management | Legal Basis:
Possible recipients of personal data:
Retention period of personal data: Data collected will be kept for 15 years after the last contract expiration Type of personal data processed:
|
| 5) Business Partner Operations Read | Legal Basis:
Possible Recipients of Personal Data:
Retention period of personal data: Data collected will be kept for 15 years after the last contract expiration Type of personal data processed:
|
| 6) Business Partner Operations Update | Legal Basis:
Possible recipients of personal data:
Retention period of personal data: Data collected will be kept for 15 years after the last contract expiration Type of personal data processed:
|
| 7) Archiving and Deletion of Personal Data | Legal Basis:
Possible recipients of personal data:
Retention period of personal data: Data collected will be kept for 15 years after the last contract expiration Type of personal data processed:
|
| 8) Data Comparisons | Legal Basis:
Possible recipients of personal data:
Retention period of personal data: Data collected will be kept for 15 years after the last contract expiration Type of personal data processed:
|
| 9) Sharing Group Management | Legal Basis:
Possible recipients of personal data:
Retention period of personal data: Data collected will be kept for 15 years after the last contract expiration Type of personal data processed:
|
| 10) SAP Processing on Leneda | Legal Basis:
Possible recipients of personal data:
Retention period of personal data: Data collected will be kept for 15 years after the last contract expiration Type of personal data processed:
|
| 11) Personal data collected for companies | Legal Basis:
Possible recipients of personal data:
Retention period of personal data: Data collected will be kept for 15 years after the last contract expiration Type of personal data processed:
|
(1) Luxembourg authorities: Ministries, Institut Luxembourgeois de Régulation (ILR), Administration du cadastre, Administrations communales, etc.
(2) Other third parties: notaries, lawyers, auditors, installers, energy suppliers, Luxmetering, architects, design offices, promoters, Chambre des métiers, etc.
7. How do we ensure the security of your data?
We do our utmost to protect your personal data and its confidentiality, whether on our IT network, our natural gas and electricity networks, in our offices or in our regional centers.
Our employees have been specifically trained to handle confidential data, including your data, in the most appropriate way possible.
For every project involving the processing of personal data, we first carry out an assessment of the risks and security requirements, safeguarding, above all, your interests. Our information protection policy, requirement and management standards are based on ISO 27000 international standards.
Specialists ensure that the security of our IT network, infrastructure and information systems meet the highest standards.
In addition, we take all the necessary technical measures to protect your personal data against unauthorized access or use, as well as against loss or theft. If, despite the many protective measures in place, your personal data should be lost or stolen, you, as our customer, will be personally notified in the circumstances provided for by law.
8. Do we sell your data to third parties or pass it on?
We do not sell your data to third parties.
We do not share your credit card or other financial information for marketing purposes.
We may share your data with trusted service providers or partners only when necessary to deliver our services, comply with legal obligations, or with your explicit consent. In such cases, we require that any third parties involved in the procedure do agree to process the information in accordance with our instructions and requirements.
9. What are your rights?
The Data Protection Regulation grants certain rights to users or data subjects. These rights are:
- The right to be informed: Data controllers must be transparent as to how they use personal data.
- The right of access: Individuals will have the right to know exactly what information is retained about them and how it is processed. Any information request is free of charge.
- The right of rectification: Individuals will have the right to rectify personal data if it is inaccurate or incomplete.
- The right of erasure: Also known as the “right to be forgotten”. This refers to an individual’s right to have their personal data deleted or erased without providing a specific or reasonable explanation as to why they wish to do so.
- The right of restricting the processing: This refers to an individual’s right to block or suppress the processing of their personal data.
- The right of data portability: This enables individuals to retain and re-use their personal data for their own intentions.
- The right to object: In certain circumstances, individuals have the right to object their personal data being used. This includes for instance if a company uses personal data for direct marketing, scientific and historical research purposes, or for the performance of a task in the public interest.
- Automated decision-making and profiling rights: The GDPR has put in place safety measures to protect individuals against the risk of a potentially harmful decision being made without a human intervention. For example, individuals can choose not to be the subject of a decision where the consequence has a legal impact on them or is based on an automated processing.
To ensure we can handle your request efficiently, when making an inquiry or exercising your data subject rights, please include the following information:
- Identification: Provide information that allows us to find your data, such as your full name, email address, or account number.
- Clear Statement of Request: Clearly state the purpose of your communication, whether it is a general inquiry or an exercise of a specific right (e.g., right to access, right to erasure, right to object).
- Reason for Request (if applicable): If your request is based on your particular situation (e.g., an objection to processing based on legitimate interests), please provide the specific grounds.
- Scope of the Request: Be specific about the data or processing activities your request concerns. For example, “I want to exercise my right to erasure for all data associated with my account.”
You can send your request to dpo@creos.net.
10. Changes to our privacy policy
Leneda keeps its privacy policy under regular review to reflect changes in our practices, legal requirements or service offerings. We encourage you to review this page periodically to stay informed about how we protect your personal data.
11. Who are your contact persons at Leneda for your personal data?
The Creos Data Protection Officer can be contacted at dpo@creos.net. He will deal with your request as quickly as possible.
You can contact our Customer Service Department if you have any queries related to the Leneda platform:
- E-mail: support.leneda@creos.net
For any complaints about the processing of your personal data, you can contact the Luxembourg Data Protection Authority:
-
Commission Nationale pour la Protection des Données (CNPD)
15, boulevard du Jazz
L-4370 Esch-sur-Alzette
Tel.: 2610 60 1
Fax: 2610 60 29
e-mail: info@cnpd.lu
Web: www.cnpd.lu
- GDPR - General Data Protection Regulation: General Information Notice
- 1. What is the regulation on personal data protection?
- 2. To whom is this notice intended for?
- What is meant by “personal data” and “processing”?
- 3. How do we collect your data?
- a. Personal data transmitted directly by the data subject
- b. Personal data collected through automated procedures
- 4. The personal data we collect
- 5. How will we use your data?
- 6. Our process in detail
- Processing of personal data for which Leneda is the data controller
- 7. How do we ensure the security of your data?
- 8. Do we sell your data to third parties or pass it on?
- 9. What are your rights?
- 10. Changes to our privacy policy
- 11. Who are your contact persons at Leneda for your personal data?