This Privacy Policy outlines how personal data is collected and processed through the website https://nc3.lu , which is operated by the National Cybersecurity Competence Center Luxembourg (NC3). NC3 is part of Luxembourg House of Cybersecurity (LHC).

We collect and process personal data in accordance with the applicable data protection legislations such as, but not limited to, Regulation (EU) 2016/679 on the protection of natural persons with regards to the processing of their personal data and the free movement of such data (“GDPR”) and the national law adopting GDPR.

It may occur that we change or amend our Privacy Policy in order to ensure that its content accurately reflects regulatory developments. Any such modification, if substantial, will be clearly communicated to you, either via the website or via other appropriate means. The latest applicable version will be available on our website.

Should you have any questions or remarks regarding this Privacy Policy, do not hesitate to contact us at privacy@lhc.lu .

By “personal data” we understand any information that can identify you, both directly and indirectly.

By “processing” we refer to anything we do with such personal data, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

By “data controller” we understand the person responsible for the processing of your personal data, this is the entity which determines the means and purpose of the processing activities. For our website and all related services, the data controller is: Luxembourg House of Cybersecurity g.i.e., 122, Rue Adolphe Fischer, L-1521 Luxembourg Grand-Duchy of Luxembourg Tel: (+352) 274 00 98 601

Email: privacy@lhc.lu .

When you are surfing our website, we collect and process web server logs, including IP addresses, user-agents, URLs, date and time logs. We collect those logs for our legitimate interest as these logs enable the technical and functional management of our website. Furthermore, we analyse the data to ensure the optimal security of our website.

When you contact us by mail, we process your contact information and any other details you provide us. We will use these details, if provided, for further case management and to facilitate our ticket system. In that case, we collect personal data for the public interest, to help our constituency handle security incidents (e.g. help with compromised websites).

Luxembourg House of Cybersecurity offers different services, where each service has its dedicated website and conditions of use.

We confirm that we process your personal data in a fair and lawful manner and only for the explicit and legitimate purposes as above-mentioned. At all times, we strive to ensure that your personal data is adequate, relevant and not excessive in relation to the purposes for which they are processed.

In case you enter and use one of the websites that are link to this website, personal data will be processed according to the privacy policies of these respective networks.

Luxembourg House of Cybersecurity uses analytics tools to collect usage information to improve the functioning of the website. In particular, such tools may collect the following usage information: partial IP address, operating system, browser and plugins, the type of device used to visit the website, behaviour on the website (visited webpages, searches) and the origin of entry.

Such analytics tools do not use any cookies.

All stored usage information remains in Luxembourg House of Cybersecurity infrastructure, where the analytics tool is installed, and potentially on its related backup system.

In no circumstances, we keep your personal data for a longer period than strictly necessary to fulfil the purpose for which it was collected.

As the retention period is dependent on the purpose for which the personal data were initially collected, the purpose is the criterion that is used to determine the appropriate retention period.

After the expiry of the retention period, we strive to securely erase, destroy or anonymize personal data that is no longer required in relation to the purpose for which they were collected.

However, if requested by local and national law, certain personal data may be retained for a longer period. For instance, for accounting purposes, such as but limited to, payment of the services fees and no-show fee for free events, data will be retained for the time required by the national law and for no longer than ten years.

We formally confirm that we will not sell, rent or otherwise commercially transfer to or share with a third party any personal data.

The data submitted will only be made available to Luxembourg House of Cybersecurity personnel for the above-mentioned purposes.

As our web server is hosted and managed in Luxembourg, your personal data is in no circumstances transferred to third countries outside the EU.

We are striving to keep your personal data secure. To that end, we have adopted the appropriate legal, organizational and technical precautions to prevent any unauthorised access and use of your personal data. These measures include, but are not limited to the encryption of all traffic between our website and your browser.

At Luxembourg House of Cybersecurity, we aim to be transparent, not only about how we process personal data about you, but also about your rights that are linked to such processing.

In particular, you have the right to access your personal data, to obtain the updating, the adjustment and the erasure of the personal data and you can exercise the rights to restrict and to object the processing. You can exercise the rights provided by articles 15 and the following of the GDPR contacting the following email address privacy@lhc.lu . In order to avoid unlawful access to your personal data, we will request you to provide a proof of your identity. If you have any queries about this Privacy Notice or experiencing any other privacy issue, we are striving to promptly dealing with any privacy-related complaints. If you have a complaint related to the processing of your personal data by Luxembourg House of Cybersecurity, please contact us.