Information note on personal data protection - Wifi

Personal data protection

Introduction 1. Who is the controller? 2. Which categories of personal data are processed and for what purposes? 3. How do we collect, process and use your data? 4. Who has access to your data? 5. Where are your data processed? Are your data transferred? 6. How long do we store your data? 7. What are your rights in relation to your personal data? 8. How do you contact us and exercise your rights? 9. How do we update this information notice?
Introduction 1. Qui est le responsable du traitement ? 2. Quelles catégories de données à caractère personnel sont traitées et pour quelles finalités ? 3. Comment collectons, traitons, utilisons-nous vos données ? 4. Qui a accès à vos données ? 5. Où vos données sont-elles traitées, vos données sont-elles transférées ? 6. Pendant combien de temps conservons-nous vos données ? 7. Quels sont vos droits à l’égard de vos données à caractère personnel ? 8. Comment nous contacter et exercer vos droits ? 9. Comment mettons-nous à jour la présente notice d’information ?
Introduction 1. Qui est le responsable du traitement ? 2. Quelles catégories de données à caractère personnel sont traitées et pour quelles finalités ? 3. Comment collectons, traitons, utilisons-nous vos données ? 4. Qui a accès à vos données ? 5. Où vos données sont-elles traitées, vos données sont-elles transférées ? 6. Pendant combien de temps conservons-nous vos données ? 7. Quels sont vos droits à l’égard de vos données à caractère personnel ? 8. Comment nous contacter et exercer vos droits ? 9. Comment mettons-nous à jour la présente notice d’information ?
Introduction 1. Who is the controller? 2. What categories of personal data are processed and for what purpose? 3. How do we collect, process and use your data? 4. How long do we keep your data? 5. Who can access your data? 6. Where do we process your data and where do we transfer them? 7. What are your rights regarding your personal data? 8. How to contact us and how to exercise your rights? 9. How do we update this information note?
Introduction 1. Qui est responsable du traitement ? 2. Quelles catégories de données à caractère personnel sont traitées et pour quelles finalités ? 3. Comment collectons, traitons, utilisons-nous vos données ? 4. Qui a accès à vos données ? 5. Pendant combien de temps conservons-nous vos données ? 6. Quels sont vos droits à l'égard de vos données à caractère personnel ? 7. Comment nous contacter et exercer vos droits ? 8. Comment mettons-nous à jour la présente notice d'information ?
Introduction 1. Who is the controller? 2. What categories of personal data are processed and for what purpose? 3. How do we collect, process and use your data? 4. Who can access your data? 5. How long do we keep your data? 6. What are your rights regarding your personal data? 7. How to contact us and how to exercise your rights? 8. How do we update this information note?
Introduction 1. Who is the controller? 2. Which categories of personal data are processed and for what purposes? 3. How do we collect, process and use your data? 4. How long do we store your data? 5. Who can access your data? 6. Where do we process your data? Is your data transferred? 7. What are your rights in relation to your personal data? 8. How do you contact us and exercise your rights? 9. How do we update this information notice?
Introduction 1. Qui est le responsable du traitement ? 2. Quelles catégories de données à caractère personnel sont traitées et pour quelles finalités ? 3. Comment collectons, traitons, utilisons-nous vos données ? 4. Pendant combien de temps conservons-nous vos données ? 5. Où vos données sont-elles traitées ? Vos données sont-elles transférées ? 6. Quels sont vos droits à l'égard de vos données à caractère personnel ? 7. Comment nous contacter et exercer vos droits ?
Introduction 1. Who is the controller? 2. Which categories of personal data are processed and for what purposes? 3. How do we collect, process and use your data? 4. How long do we keep your data? 5. Who can access your data? 6. What are your rights regarding your personal data? 7. How to contact us and how to exercice your rights?
Introduction 1. Who is the controller? 2. What categories of personal data are processed and for what purpose? 3. How do we collect, process, and use your data? 4. Who can access your data? 5. How long do we keep your data? 6. What are your rights regarding your personal data? 7. How to contact us and how to exercise your rights?
Modify your choice relating to cookies Information note on personal data protection - Cookies 1. What is a cookie? 2. Who is the controller? 3. Which are the cookies used and for what purposes are they in place? 4. Where do we process your data and where do we transfer them? 5. What are your rights? 6. How to contact us and how to exercise your rights

Introduction

The customer is placed at the centre of the CFL's concerns.

For this reason, naturally, the protection of your personal data is a priority for the CFL, for each entity of the CFL Group structure respectively, which may process your personal data for the purposes of its activity.

This information notice provides you with the necessary information and explains to you how we collect, use, share, store and protect your personal information. It also informs you of your rights and how to exercise them.

1. Who is the controller?

The Société Nationale des Chemins de Fer Luxembourgeois (Luxembourg National Railway Company, CFL), 16 boulevard d'Avranches, BP 1803, L-1160 Luxembourg, registered with the Luxembourg Trade and Companies Register under number B59025, is the Controller of your personal data processed by us.

In this capacity, we are responsible for the way in which we collect, use, share, store and protect your personal data.

2. Which categories of personal data are processed and for what purposes?

To provide you with access to the GG WiFi network, we collect and process the following data:

data connexion
- your MAC address,
- your dynamic IP address,
- your localisation data,
- dates and times of connnection to the Wifi.

These personal data are collected for security purposes of the Wifi service.

3. How do we collect, process and use your data?

When you first connect, your mobile device will be identified and will automatically authenticate itself each time you connect. The purpose of this automatic authentication is to allow you to use the Wifi network provided by CFL throughout your journey without interruption. Thus, each time your Wifi is activated on your equipment, it will automatically authenticate itself without any action on your part, even if you connect to it a few days later.

This service is available three months after your last connection. After this period, you will have to re-identify your mobile equipment.

In addition, you can remove this automatic authentication by setting up your mobile equipment in your settings.
The collection and processing of your data are:

in accordance with the current regulations on the protection of personal data, including the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016), the related Guidelines and the national laws implementing the GDPR, where appropriate,
and legally justified by an interest recognized as legitimate.

4. How long do we store your data?

The connection data (logs) are kept for 6 months for security purposes.

The identification data (MAC address, IP address) are kept for 3 months from your last connection in order to allow you to be automatically authenticated each time you travel.

5. Who can access your data?

We make sure to take any appropriate technical and organisational measures to protect the security of your personal data, in particular their confidentiality, integrity and availability.

These data will be or could be shared with some of our internal departments in strict compliance with the missions these departments have been entrusted with:

the Unit Legal affairs and Insurances (Division Juridique et Assurances),
IT service,
The Unit Data Protection,
Direction members.

Some external service providers may have access to specific personal data in the framework of maintenance tasks carried out upon the request of the competent services of the CFL. Personal data will not be transferred on this occasion.

We contractually impose on our service providers to safeguard the security and the confidentiality of your personal data by means of appropriate technical and organisational measures complying with laws and regulations.

6. Where do we process your data? Is your data transferred?

CFL may transfer your personal data to judicial authorities and the police for the purpose of establishing an offence committed by you or another person.

7. What are your rights in relation to your personal data?

Under the conditions provided for in the regulations, you have the right:

of access to the personal data we hold concerning you,
of rectification of the data if they are inaccurate or incomplete,
of erasure in certain cases, such as, for example, whenever your data are no longer necessary for the purpose pursued and we don't have any contractual or legal obligation to store data anymore,
to request the restriction of processing of your personal data, such as for example the restriction of processing of data of which you contest the accuracy, for the period enabling us to verify your request,
to request the portability of your personal data in order to transmit your personal data to you in a structured, commonly used, readable format or to have them transferred to another controller,
to withdraw your consent at any time to the processing of your personal data without this affecting the lawfulness of processing based on the consent given prior to withdrawal (unless the processing has a legal basis other than your consent),
to object to the processing of your data based solely on the pursuit of our legitimate interests or to prohibit us from processing them, including for direct marketing,
to lodge a complaint with the competent personal data protection authority of your country and/or the Grand Duchy of Luxembourg
(Commission Nationale Pour la Protection des Données – CNPD, 15, Boulevard du Jazz, L-4370 Belvaux – https://cnpd.public.lu/en ).

8. How do you contact us and exercise your rights?

You can send your questions relating to the processing of your personal data and/or exercise your rights set out above for the attention of the Data Protection Officer (DPO) of the CFL:

on our website www.cfl.lu or clicking the link http://gdpr.cfl.lu,
or by post for the attention of the Data Protection Officer (DPO), Société Nationale des Chemins de Fer Luxembourgeois, 16 boulevard d'Avranches, BP 1803, L-1160 Luxembourg.

Any complaint relating to the processing of your personal data can be addressed to postal address above or to the supervisory authority of the Grand Duchy of Luxembourg, the Commission Nationale Pour la Protection des Données – CNPD, 15, Boulevard du Jazz, L-4370 Belvaux. https://cnpd.public.lu/en

9. How do we update this information notice?

To ensure optimum compliance with the current regulations, we undertake to update the present information notice whenever necessary.