Privacy Policy

This Privacy Policy explains how the Luxembourg Eurasia Business Association ("LEBA", "we", "us", "our") collects, uses, shares and protects your personal data in accordance with Regulation (EU) 2016/679 — the General Data Protection Regulation ("GDPR") — and applicable Luxembourg data protection law.

Last updated: 1 May 2026

1. Data Controller

The data controller responsible for the processing of your personal data is:

Luxembourg Eurasia Business Association (LEBA)
14, Rue du Commerce, L-4067 Esch-sur-Alzette, Grand Duchy of Luxembourg

2. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identification data: name, surname, date of birth, nationality.
  • Contact data: email address, postal address, phone number.
  • Professional data: occupation, employer, role, business sector, CV.
  • Membership data: membership status, participation in events, mentoring records.
  • Communication data: messages, enquiries and correspondence with us.
  • Technical data: IP address, browser type, device, pages visited, cookies.

3. Purposes & Legal Basis for Processing

We process your personal data for the following purposes, based on the legal grounds provided by Article 6 GDPR:

  • Membership administration — performance of a contract (Art. 6(1)(b)).
  • Organising events, mentoring and capacity-building activities — performance of a contract or legitimate interests (Art. 6(1)(b)/(f)).
  • Newsletters and communications — your consent (Art. 6(1)(a)), revocable at any time.
  • Compliance with legal obligations — accounting, reporting and statutory duties (Art. 6(1)(c)).
  • Website operation, security and analytics — our legitimate interests (Art. 6(1)(f)).

4. Recipients & Sharing

Your personal data is only accessible to authorised LEBA staff, board members and volunteers on a need-to-know basis. We may share data with:

  • Trusted service providers (IT hosting, email, payment, analytics) acting as processors under a Data Processing Agreement.
  • Project partners, only when strictly necessary and with appropriate safeguards.
  • Public authorities, where required by law.

We do not sell your personal data.

5. International Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure an adequate level of protection through European Commission adequacy decisions, Standard Contractual Clauses, or other safeguards permitted by Chapter V of the GDPR.

6. Data Retention

We retain personal data only for as long as necessary for the purposes described above and to comply with our legal obligations. Membership records are typically kept for the duration of the membership and for up to 10 years thereafter for legal and accounting purposes. Newsletter data is kept until you withdraw consent.

7. Your Rights under the GDPR

You have the following rights regarding your personal data:

  • Access (Art. 15) — obtain a copy of your data.
  • Rectification (Art. 16) — correct inaccurate or incomplete data.
  • Erasure (Art. 17) — request deletion ("right to be forgotten").
  • Restriction (Art. 18) — limit how we use your data.
  • Portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Objection (Art. 21) — object to processing based on legitimate interests.
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise these rights, contact us at info@leba.lu. You also have the right to lodge a complaint with the Luxembourg supervisory authority — the Commission nationale pour la protection des données (CNPD), cnpd.public.lu.

8. Cookies & Analytics

Our website uses strictly necessary cookies to function properly and, with your consent, analytics cookies to understand how visitors use our site. You can manage or withdraw your cookie preferences at any time through your browser settings.

9. Data Security

We implement appropriate technical and organisational measures — including encryption in transit, access controls and regular review — to protect your personal data against unauthorised access, loss, alteration or disclosure.

10. Children's Data

Our services are intended for individuals aged 18 and over. We do not knowingly collect personal data from children. If you believe a minor has provided us with personal data, please contact us so we can delete it.

11. Changes to this Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page with the updated revision date. Material changes will be communicated to members where appropriate.

12. Contact Us

For any question regarding this Privacy Policy or the processing of your personal data, please contact us at info@leba.lu or by post at the address listed above.