Data collected by the ABBL
In order to best serve its members, the ABBL gathers a limited set of personal data from its members.
Simple consultation of this website does not entail the collection or use of any personal data. Any collected data can only result from the proactive registration of the users of the website, for example by subscribing to a newsletter. Should it be the case, dedicated privacy clauses will then be provided to users, according to the information/service requested. Management of cookies is detailed in the Legal Notice of the ABBL.
Why do we collect data?
For the ABBL to accomplish its missions, the ABBL will mostly rely on the consent of its members to satisfy the lawful criterion enshrined in the GDPR. Failing to comply with this legal requirement for consent, an individual representing a member of the ABBL would be excluded from the core activities of the ABBL.
In certain limited circumstances, the ABBL may process personal data based on its legitimate interests, such as for instance in promoting an event not strictly limited to the members of the ABBL.
What are our legitimate interests?
Legitimate interests involve the use of personal information to achieve core missions, as defined in its statutes, without contravening the fundamental rights and freedoms of a user: the ABBL, acting as the professional organisation representing the majority of banks and other financial intermediaries/stakeholders established in Luxembourg, aims at defending, developing and fostering the professional interests of its members together with investigating any issues which may affect the financial sector. As such, it acts as the voice of the whole sector on various matters in both national and international organisations.
Who receives the data?
The ABBL is the sole recipient of the data collected, which will be securely stored in accordance with the legal requirements of the GDPR. The ABBL implements appropriate technical and organisational measures as well as the necessary safeguards designed to protect the rights and freedoms of its members by design and by default.
Note that the data of members of the ABBL working groups, technical committees and clusters will be made available only to the other members of such groups through its Membernet facility.
How long is personal data stored?
The ABBL will keep personal data only for as long as necessary to fulfil the purposes for which it was collected, having due regard to mandatory retention periods as prescribed by law. At the end of the retention period, personal data will be deleted or anonymised.
What about security?
The ABBL takes the security of personal data very seriously and therefore applies stringent technical and organisational measures to ensure that the protection of personal data is not compromised: all servers of the ABBL storing personal data are housed securely within our premises, and access to data stored on those servers is only granted over encrypted connections.
Backups are also encrypted. This prevents such data from being processed, understood, read, copied, amended or moved by any third party. Additionally, only the personal data necessary to fulfill specific, explicit and legitimate purposes will be processed and accessed strictly by a limited number of designated staff.
What are my rights?
Individuals whose data have been processed by the ABBL have a right of access to and rectification of their personal data, together with the right of erasure should they no longer wish for their personal data to be processed by the ABBL, in addition to being able to collect their personal data from the ABBL and restrict the processing of their data.
If the processing of personal data was lawfully based on consent, the user may withdraw such consent at any time by contacting us at the address set out below. In that case, access to the services and facilities of the ABBL will no longer be granted.
In the event a user wishes to make a request as to how the ABBL handles personal data, please contact us directly as described below.
How can I contact the ABBL?