Data Protection Policy - POST (2024)

POST attaches great importance to protecting your privacy and is aware of how important it is to you.

Data Protection Policy - POST (1)

Foreword

POST does everything possible to ensure to provide its clients with a confident service by processing your data in a transparent way as well as in strict compliance with applicable regulations in accordance with your own preferences.

How to contact us?

Personal data collected by POST websites and/or mobile apps is subject to automated processing. The data controller responsible for such processing is:

POST Luxembourg

  • POST Luxembourg / RCS Luxembourg: J28 / VAT : LU 15400030
  • 38, place de la Gare, L-1616 Luxembourg
  • Telephone: 8002 8004
  • E-mail : contact.televente@post.lu

POST Telecom S.A.

  • POST Telecom S.A. / RCS Luxembourg: B43290 / VAT : LU 15558109
  • 1, rue Emile Bian – L-1235 Luxembourg
  • Telephone: 8002 8004
  • E-mail : contact.telecom@post.lu

Other contact details

Data Protection Officer (DPO)’s details:

Data protection

Answers to your questions
(version 3.3)

The personal data we collect from you when you browse POST websites or use POST mobile apps is subject to computer processing for at least one of the following purposes:

  • To provide you with the service or information requested;

  • To manage your business relationship with POST;

  • To process, track and fulfil your orders when you make purchases on our websites or mobile apps;

  • To compile statistics and analyses on traffic to and browsing of the proposed webpages and sections, in order to understand how you interact with our websites and improve the quality of services we offer you as a result;

  • To notify you about POST and partner products, events, offers and services when you subscribe to these news feeds (newsletter, RSS feeds etc.);

  • To customise how the websites function to your preferences (language, display preferences, etc.);

  • To offer personalised and targeted content (products and services) based on your interests, pages you have already visited, and your purchase history;

  • To give you access to tailored offers and benefits as part of our loyalty scheme, if you sign up;

  • To send you advertising, subject to obtaining your prior consent;

  • To maintain secure access to your personal data and detect any hacking attempts;

  • To obtain your opinions through surveys in which you can choose to participate;

  • To manage the competitions or lotteries organised by POST, if you decide to take part in them;

  • To process your applications if you apply for one of the job vacancies published by POST.

For each of the purposes indicated above, the processing of your personal data is based:

  • On the fact that it is necessary for the performance of an agreement concluded between you and POST, or for the performance of pre-contractual measures taken at your request;

  • On the fact that it is required for compliance with a legal obligation to which POST is subject;

  • On the fact that you have consented to processing;

  • On an interest recognised as legitimate for POST (fraud prevention, data and infrastructure security, etc.).

POST ensures that your personal data is processed in a way that is fully compatible with the purposes indicated above. In the event of further processing of your data for a purpose other than that initially provided for, all necessary information will be sent to you in advance. You may then object to this further processing.

Your “personal data” refers to all information that relates to you as a natural person and which can be used to identify you, directly or indirectly.

The personal data that POST is likely to collect or process when you browse its websites or use its mobile apps is:

  • Basic identification data, such as your first names and surnames, your date and place of birth, your postal address, your e-mail address, and your phone numbers, etc.;

  • Technical connection and navigation data, such as your device’s IP address, the time and date of your connection, the pages visited, the characteristics of your browser (type, language, etc.) and your device (type, resolution, etc)., the username/password you use to log in, cookies, etc.;

  • Personal data, such as your family status, the composition of your household, your lifestyle, hobbies, etc.;

  • Bank details, such as your account number, your IBAN, your beneficiaries’ bank details, the identification details for your payment methods, etc.;

  • Professional data (data that would be usually included in a CV when you apply for a job);

  • Geolocation data;

  • Publication data, such as your areas of interest, opinions, comments, notes, messages posted in community and social forums and features of websites or mobile apps;

  • Behavioural data, such as your purchase history.

Some of the information collected is required to achieve the abovementioned objectives, whereas other information is optional. You will be systematically notified whether information is required or optional when it is collected. If you do not fill in certain required fields, this may prevent POST from providing you with the relevant product or service, or from ensuring it is of the expected quality.

Whatever the aim pursued and justifying the processing of your personal data, no “sensitive data” as referred to by the regulation will be handled during the course of your customer relationship with POST.

When you use its websites or mobile applications, POST may collect your personal data in different locations or at different times when:

  • You browse pages on a POST website or mobile app;

  • You subscribe to one of our news feeds (newsletters, RSS feeds, notifications, etc.);

  • You create your personal account in the MyPost app (“My account” section);

  • When you contact us (“Contact” section or Online Instant Messaging tool);

  • You fill out an order form for an online purchase;

  • You apply for a job (“Join us” or “Careers” section);

  • You give us your opinion on our products & services;

  • You participate in a survey or competition.

POST makes sure to only collect data that is strictly required for providing the services you want to use.

POST may also have cause to collect certain personal data that is indirectly related to you:

  • By purchasing files from third-party organisations with which you may be connected, if you have previously consented to share your data with such organisations;

  • By using Open Data files.

When POST uses your data obtained from these types of files, you will be notified when contact is first made.

The personal data we collect from you when you browse POST websites or use POST mobile apps will primarily be used by the internal departments at POST that are authorised to process it. Nevertheless, it may be sent:

  • to the processing companies that POST uses to deliver certain services, such as, for example, the hosting and operating of websites, the sending of our newsletter, and the management, processing and payment of your online purchases;

  • to postal services and overseas customs services when you send letters and/or parcels to another country;

  • to companies instructed by the Luxembourg regulator to provide universal telephone directory and enquiry services, unless you have expressed an objection to your number being published by these services;

  • to business partners, provided that you have consented to being contacted by them.

POST may be required to transfer some of your personal data to a third party at the request of the judicial authorities or any other administrative authority empowered by law.

In addition, POST ensures that any transfer of your personal data to authorised third parties will not result in your data being transferred to a country located outside of the European Union without taking appropriate additional protective measures, seeking in particular to ensure you can exercise your rights.

Personal data collected and processed by POST will only be retained for a period that is strictly necessary to achieve the stated processing objectives and to ensure compliance with a legal obligation imposed by the applicable legislation.

As such, depending on the type of data processed and the purposes envisaged, POST’s retention period will be:

  • no more than 3 months from the date on which the data is recorded by POST, for data processed across the online Instant Messaging tool;

  • no more than 6 months from the date on which the data is recorded by POST, for data processed for traceability purposes, for logical security or for the proper functioning of IT applications and networks;

  • no more than 13 months from the point of creation, for cookies and other trackers managed by POST websites or mobile apps;

  • no more than 2 years after your most recent contact with POST, for data processed in respect of a job application;

  • no more than 3 years from the date of data collection by POST or after your most recent contact with POST, for data processed for marketing purposes;

  • no more than 3 years from the end of your business relationship with POST, for data processed for marketing campaign purposes and/or to promote POST’s or its partners’ offers;

  • no more than 10 years from the end of your business relationship with POST, for data related to contractual (agreements, guarantees, complaints, debt collection and litigation, etc.) or accounting aspects (billing, order forms, delivery receipts, etc.).

POST implements appropriate and reasonable security measures in light of the risks posed by the processing carried out in order to protect your data against destruction, loss, modification, disclosure or unauthorised access and any other form of illegal processing.

All POST employees and processors with access to your personal data as part of their jobs are bound by strict confidentiality obligations. They only access the data they need to do their job and are regularly made aware of and trained on the compliance and security rules applicable to your personal data.

The security measures applied to our websites and mobile apps are periodically checked and tested by teams from the POST CyberForce department.

In addition, in the event of a Personal Data breach likely to result in a risk to your rights and freedoms, POST undertakes to comply with its obligation to notify the CNPD of said Personal Data breaches.

Where POST processes your personal data, you may exercise the following rights at any time and to the extent permitted by law:

  • To be informed of the processing of your personal data by POST;

  • To access your personal data (to know which data has been collected and processed and to obtain a copy), ask for them to be corrected if they are incorrect or incomplete, ask for them to be erased if they are outdated;

  • To refuse to allow them to be processed for legitimate reasons (in particular for marketing purposes);

  • If the prior conditions are met, to request that the processing of your personal data be restricted or that your data be erased entirely (right to be forgotten);

  • To request a copy of the personal data you have provided to POST in a structured format (data portability), unless this infringes the rights and freedoms of third parties;

  • To request that your data not be included in decisions based entirely on automated processing, including profiling, when such decisions would have legal ramifications relating to you or affect you significantly in a similar fashion. You can also ask for the logic behind the automated processing to be clarified in order to be able to contest it and request that it be reviewed by an individual;

  • To withdraw your consent to processing based on the latter at any time.

You can exercise one of these rights free of charge by contacting the POST DPO whose contact details are given at the top of this page.

So that we can respond to your request securely and prevent any identity fraud, you may be asked to provide proof of identity.

POST undertakes to respond within no more than one month following receipt of your duly completed request.

You can also file a complaint with the National Commission for Data Protection (CNPD) on their website: www.cnpd.lu

Cookie management

Answers to your questions
(version 3.3)

A cookie is a small file generally made up of letters and numbers sent by the internet server and saved to your device (PC, tablet or smartphone) via your web browser (Google Chrome, Mozilla Firefox, Microsoft Internet Explorer or Edge, Apple Safari, Opera, etc.).

Some cookies are stored directly by the websites you visit. Others, known as “third-party cookies” are stored by the website’s partners (social networks, advertising networks etc.).

Most cookies store technical information relating to your browsing history on a particular website (language settings, screen size and resolution, connection time, pages visited, IP address, etc.) to enable that website to “recognise” your device throughout your interaction with it.

They are generally required to enable the website to function properly (saving your session, your shopping basket, remembering your favourites, etc.), but they also serve to analyse your browsing behaviour on the website, optimising your experience and showing you personalised content such as articles, offers, search suggestions or targeted advertising in line with your preferences, if you wish.

Please note that sharing your device with other people is likely to have an impact on the personalisation the cookies we use can offer and consequently on their effectiveness in terms of your individual preferences.

“Third-party cookies” may also be placed on your device during your browsing. The acceptance of these cookies allows in particular the display of content linked to other sites (“sharing to social networks”, etc.). The deposit of these "third-party cookies" is subject to the data protection policies of these third parties, who are solely responsible for the collection.

Our websites and our mobile apps may use a range of cookies to better customise how they function, by interacting with your user profile.

Our websites and mobile apps primarily use five types of cookies:

Strictly necessary cookies

These make it possible to use the main functions of the websites and/or mobile apps, such as remembering your device’s display preferences (language, display settings) based on the graphic charter, the device type and the viewing and screen reading software that you use (internet browser type) and to take this into account during subsequent visits.

They also allow us to link the various pages consulted together so as to enable a seamless browsing experience.

They mean we can manage your user session once you have been identified, as well as the content of your shopping basket if applicable.

These cookies are essential to enabling our websites and mobile apps to function properly and cannot be disabled by our systems, which is why consent is not required prior to the implementation of this category of cookies.

Audience measurement, analytics and statistics cookies

These allow us to compile statistics and traffic and usage counts for the various pages and sections of the websites and mobile apps (number of visits, pages viewed, your journey on the websites, the links you click on, your return frequency, etc.).

The following information is helpful to us for:

  • Achieving studies and research in order to adapt the website content to suit your needs;

  • Measuring and improving the performance of our websites and mobile apps;

  • Detecting malfunctions and improving our service quality.

All data collected by these cookies is aggregated and processed statistically and not individually.

Content personalisation cookies

These allow us to improve the functionality and personalisation of our content on our websites, for example through the use of videos and instant messaging services. By accepting this category of cookies, you will be able to use these additional features and we can offer you products and services that are more tailored to you.

Social media cookies

In order to make our websites more interactive, we may use third-party services offered by social networking websites so you can share our content with your network and your friends. These services use cookies when you interact with them. They include:

  • Like and share buttons on social media (Facebook, LinkedIn, etc.);

  • Content sharing buttons on social media (Facebook, Twitter, Instagram, LinkedIn, etc.);

Third-party cookies from social networks are likely to collect your data in order to track your browsing, simply because you have kept an open session on one of these social networks from your terminal.

Advertising & commercial cookies

These cookies may be placed on your device if you have explicitly consented to receive them to identify your preferences and interests and the products viewed or purchased on our website, so that the dynamic ads displayed to you, either by POST or by our business partners, in the relevant spaces can be tailored to you. In this case, they can be used by these companies to build profiles based on your interests, in order to offer you targeted advertising on other websites as well.

These cookies only work by identifying your web browser and your device.

Our websites do not place or read any cookies on your device before you have given your consent via our "cookie configurator". You can change your decision regarding cookie management at any time via this same configurator.

When you visit the homepage of one of our websites, a dedicated cookie information banner will pop up. You will then be asked to accept all cookies embedded in the pages you visit, or to customise your cookie preferences.

Strictly necessary cookies

These cookies do not require your consent because they are essential to the technical functioning of the websites and mobile apps.

However, you can always object to said cookies being stored on your device and delete them in your browser’s configuration settings. Nevertheless, your user experience may be much less enjoyable, and you may no longer be able to access some website features.

Other categories of cookies (audience measurement, social media, personalisation, advertising)

These cookies cannot be stored used without your prior consent. If you agree to these categories of cookies being used, you can however change your choice later, by modifying your preferences at any time via the “Cookie settings” link accessible at the bottom of each page of the site.

For further information on cookie settings in the main web browsers, please read the browser software publishers’ documentation.

The retention period for cookies that we manage on our websites and mobile apps is a maximum of 13 months and varies according to the type and category of cookie used. At the end of these 13 months, a new request for consent may be made to you for the categories of cookies that require it.The cookies we manage on our websites and mobile apps cannot be stored for more than 13 months.

Data Protection Policy - POST (2024)

FAQs

How to answer a data protection interview question? ›

Their answer should outline the responsibilities and tasks of a DPO as set out by the GDPR. Under the GDPR, a Data Protection Officer is responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.

What to put in a data protection policy? ›

They suggest you should include nine key elements in your data protection policy, including the introduction and scope, definitions, GDPR principles, how you will lawfully process data (based on one of six legal justifications), roles and responsibilities of those handling data, data breach notification procedures, ...

Who does the GDPR apply to quiz answers? ›

3 Who does GdPr affect? GDPR affects all data subjects. An individual under GDPR is known as the 'data subject'; that is, they are the subject of the data collected about them by the organisation.

What questions should I ask on the data protection Act? ›

Who needs to have access to the data? How do we make sure it's not used otherwise? How do we tell people about it and give them access to their data? How do we document all this?

What are the 7 golden rules of data protection? ›

Necessary, proportionate, relevant, adequate, accurate, timely and secure: Ensure that information you share is necessary for the purpose for which you Page 2 are sharing it, is shared only with those individuals who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely (see ...

What does GDPR mean to you interview questions? ›

The General Data Protection Regulations, or GDPR, are EU-wide laws on data protection, privacy and the handling of personal data.

What is the question GDPR applies to? ›

It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company's location.

What is data protection checklist? ›

In your list, you should include: the purposes of the processing, what kind of data you process, who has access to it in your organization, any third parties (and where they are located) that have access, what you're doing to protect the data (e.g. encryption), and when you plan to erase it (if possible).

What are the 7 general data protection regulations? ›

If your company handles personal data, it's important to understand and comply with the 7 principles of the GDPR. The principles are: Lawfulness, Fairness, and Transparency; Purpose Limitation; Data Minimisation; Accuracy; Storage Limitations; Integrity and Confidentiality; and Accountability.

What information is in a data protection policy? ›

What is a Data Protection Policy? A Data Protection Policy is a statement that sets out how your organisation protects personal data. It is a set of principles, rules and guidelines that informs how you will ensure ongoing compliance with data protection laws.

How do you explain data protection? ›

Data protection is the process of protecting sensitive information from damage, loss, or corruption. As the amount of data being created and stored has increased at an unprecedented rate, making data protection increasingly important.

How do you demonstrate knowledge of data protection? ›

Maintain records of processing activities: Organisations must maintain detailed records of all GDPR compliance activities, including data protection audits, policies and procedures, training, and reviews. These records can be used to demonstrate compliance to data protection authorities if required.

What is data protection with example? ›

Data protection is the process of safeguarding important data from corruption, compromise or loss and providing the capability to restore the data to a functional state should something happen to render the data inaccessible or unusable.

Why do you want to work in data protection? ›

In Data Protection and Privacy, there is the opportunity to grow and take on responsibility from the first day in a challenging but rewarding environment. There is also the need to follow developments in data protection and privacy, maintaining a professional expertise and personal interest in these subjects.

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Melvina Ondricka

Last Updated:

Views: 5998

Rating: 4.8 / 5 (48 voted)

Reviews: 87% of readers found this page helpful

Author information

Name: Melvina Ondricka

Birthday: 2000-12-23

Address: Suite 382 139 Shaniqua Locks, Paulaborough, UT 90498

Phone: +636383657021

Job: Dynamic Government Specialist

Hobby: Kite flying, Watching movies, Knitting, Model building, Reading, Wood carving, Paintball

Introduction: My name is Melvina Ondricka, I am a helpful, fancy, friendly, innocent, outstanding, courageous, thoughtful person who loves writing and wants to share my knowledge and understanding with you.