Data Protection Policy

LPEA DATA PROTECTION POLICY

This data protection policy (the “Data Protection Policy”) of the Luxembourg Private Equity & Venture Capital Association (“LPEA”) sets out the rules and procedures as to the collection, processing and transmission of personal data as defined in the General Data Protection Regulation (EU) 2017/69 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).

1. LPEA is the association for the Luxembourg private equity and venture capital industry. As such, it reunites professionals working inside this specific industry (“LPEA’s Constituency”). It is incorporated as non-for-profit association under the Luxembourg Trade and Companies Register.

2. The goals of the LPEA are to promote the industry domestically and internationally, to give a voice to the industry vis-à-vis public authorities, to provide for networking opportunities to professionals working in the industry and to foster community building within the private equity and venture capital industry.

3. The collection and processing of personal data of professionals active in the private equity and venture capital industry (the “Data Subjects”) shall be deemed a legitimate interest in accordance with GDPR in as much as the collection and processing occurs within the strict limits of LPEA’s goals specified in Article 2 of this Data Protection Policy.

4. Personal data that is collected concerns the first name, last name, company or organization for which an individual works, function or title within a company or organization, office address, membership status, email address, telephone number. Not all of these fields are complete for every contact and which of the above data fields LPEA holds on each of its contacts depends on what information was available at the time of collection. No personal data shall be collected that are, by their nature, particularly sensitive in relation to fundamental rights and freedoms and merit specific protection. Where applicable, LPEA collects data on participation in our events, or our members participation in our working groups and technical committees.

5. For the purposes of newsletter communications, the necessary collected personal data are processed by Wild Apricot Inc. (the “Data Processor”) in compliance with GDPR and are not transmitted to third parties.

6. LPEA handles personal data relating to LPEA members and other stakeholders of the LPEA Constituency, based on the legitimate interest to manage the relationship with LPEA members, in particular for membership administration, networking and sharing the information with other members or official or public bodies, setting up a directory and making it available (on LPEA’s website), and for marketing purposes relating to our events and information about our activities.

7. Any collection and processing of personal data by LPEA is such that it can be reasonably expected by the concerned individuals within the LPEA Constituency and shall be kept to the strict minimum necessary for the purposes of pursuing the goals as specified in Article 2 of this Data Protection Policy.

8. Personal data is stored in accordance with legal obligations or during the period necessary for the purposes for which they were collected. LPEA takes reasonable and appropriate technical and organizational security measures to store personal data in secure databases or systems with restricted access and protects them against loss, accidental or intentional misuse, alteration, destruction and access by unauthorized persons.

9. Data Subjects have the right to access, modify and delete collected data concerning him / her individually from the databases of the LPEA. To do so, the Data Subjects can send an email to LPEA (lpea-office@lpea.lu) or remotely access, modify and delete data concerning them individually through a password-protected website (http://lpea.wildapricot.org/). A possibility to unsubscribe from the LPEA newsletter is provided by default in form of an “Unsubscribe” button at the end of each newsletter.

10. A periodic review of the collected personal data shall be carried out to determine and delete data entries pertaining to individuals who are no longer within LPEA’s Constituency.

Updated on 24th May 2018