Skip to main content

Privacy Policy

1. INTRODUCTION

The International Bankers Club Luxembourg (hereafter “IBC“) was established in 1972 to bring together the management of banks and financial institutions established in Luxembourg and develop the dialog between their executives.

The cautious processing and the protection of your personal data is very important to us. With the entry into force of the EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), we would like to inform you about the use and processing of your personal data within our association and your rights as a data subject in this regard.

This privacy policy (“Policy“) sets out how IBC will use (which terms include processing operations like recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, aligning, combining, restricting, erasing, destroying) (“process“) your personal data.

For the avoidance of doubt, personal data processed and covered by this Policy will include personal data of the members of IBC [as well as personal data of other individuals (including, but not limited to representatives of the members of IBC and individuals who manifested their interest in the association)], which personal data are provided by the members of IBC in the course of the membership with IBC and which IBC will deal with in the course of operating the association. Since this Policy only applies to natural persons, it is the members of IBC responsibility to ensure that any of their representatives whose personal data are provided to us are aware of their rights in this regard and are provided with a copy of this.

For the purpose of this Policy:

  • the terms “controller”, “personal data”, “data subject” and any other term expressly defined in article 4 of the GDPR shall have the meaning given to these terms in article 4 of the GDPR; any reference to “we” and “us” shall refer to the International Bankers Club Luxembourg.
  • Please note that this Policy may be subject to changes.

2. IDENTITY OF THE CONTROLLER OF YOUR PERSONAL DATA

The data controller and the point of contact for the processing of your personal data is: International Bankers Club Luxembourg (IBC)

To the attention of: office@bankersclub.lu

3. PERSONAL DATA CATEGORIES AND SOURCES OF PERSONAL DATA

We collect information about you from a number of sources, including from you directly, from the forms and any associated documentation that you complete when becoming of member of IBC, or when you provide information to us in correspondence and conversations.

We will also collect information about you that we obtain from others (such as publicly available and accessible directories and sources, or information generated automatically when you use or otherwise interact with our systems).

Where we collect personal data from you, we will indicate if the provision of your personal data is purely voluntary, in which case there will be no implications for you if you do not wish to provide us with it.

Some of the personal data we request is necessary for us to fulfill our missions as an association. If you do not wish to provide us with this personal information, we may decide not to accept you as a member of our association.

Examples for the categories of personal data, which can be processed by us, are:

  • Personal identification data, such as name, date of birth and contact details,
  • Electronic identification data,
  • Professional data, such as information in regard to your employment, educational background or qualification,
  • Visual and audio material, such as pictures or recordings from events;

We do not collect any personal information from users accessing our website. The public areas of the website can be accessed anonymously. Only aggregate data, such as the number of hits per page, are collected and used for internal statistical purposes only. They do not allow personal identification.

4. LAWFUL BASIS AND PURPOSE OF THE PROCESSING

We are collecting and processing your personal data for the purpose of our legitimate interests provided that our legitimate interests are not overridden by your interests, fundamental rights or freedoms.

Our legitimate interests are:

  • to receive your membership contributions,
  • to maintain a list of members,
  • to communicate with you,
  • to maintain our website,
  • to promote and organize events,

We may also process personal data to fulfill our core missions as an association.

When adhering to IBC, you accept to receive our newsletters and event promotions.

You can opt out of receiving these newsletters and/or events information at any time by contacting us at the address indicated in point 2 above.

5. CATEGORIES OF RECIPIENTS OF YOUR DATA

We are, in principle, the sole recipient of your personal data.

However, we may appoint service provider[s] in the IT sector as data processor[s] in order to perform certain tasks on behalf of the association. In this case, the transfer is based on a legitimate ground (see section 4 above) and respects the requirements of the GDPR. We perform checks on the third parties we choose for the processing and assess the providers’ compliance with GDPR.

We will not sell or transfer your personal data to any other association or company.

6. TRANSFER TO THIRD COUNTRIES

Your personal data will not be transferred outside the European Economic Area.

7. PROFILING AND AUTOMATED DECISION-MAKING

IBC does not use profiling or automated decision-making.

8. STORAGE OF PERSONAL DATA

In accordance with the GDPR principles and in particular article 5 of the GDPR (which lists the core principles relating to the processing of personal data), we will keep your personal data only for as long as necessary to fulfill the purposes for which it was collected for, having due regard to mandatory retention periods as prescribed by law. At the end of the retention period, your personal data will be deleted or anonymised.

In principle, we will retain your personal data for a period of one year following the termination of your involvement with IBC.

Also, we may need to retain information and records for a certain period of time to protect our association, and defend ourselves against potential legal claims, or allegations of wrongdoing.

9. YOUR RIGHTS AS A DATA SUBJECT

You have certain rights under the GDPR:

  • the right to access your personal data, including the right to ask for a copy of your personal data where it does not adversely affect the rights and freedoms of others (please note that if you request any further hard copies later on, we may charge you a reasonable fee based on administrative costs);
  • the right to have incomplete or inaccurate personal data corrected (including by means of providing a supplementary statement);
  • In some limited circumstances:

i. the right to object to the use of your personal data (where processing is based on IBC’s legitimate interest),

ii. the right to restrict the use of your personal data,

iii. the right to require us to erase / delete your personal data. Please note that if we process your personal data in particular to comply with a legal obligation, we will not be able to respond positively to your request,

iv. the right to receive personal data which you have provided to us in a structured, commonly used and machine-readable format and the right to transmit those data to another data controller. Please note that this right to data portability only arises where: (a) the processing is based on consent or on a contract; and (b) the processing is carried out by automated means, and (c) it does not adversely affect the rights and freedoms of others. It also only applies to the data that you have provided to us.

Such rights can be exercised by contacting us using the contact details stated in section 2 of this Policy. We will respond to you as swiftly as possible.

We take your concerns very seriously. We encourage you to bring it to our attention if you have any concerns about our processing your personal data.

This Policy was drafted with simplicity and clarity in mind. We are, of course, happy to provide any further information or explanation needed. Our contact details are stated in section 2 of this Policy.

Finally, you also have the right to ask questions or lodge a complaint about our processing of your personal data with the relevant data protection authority. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place. In Luxembourg, the relevant data protection authority is the Commission Nationale pour la Protection des Données.