Legal Aspects

Any person using the information, documents, products, software and various services (collectively the 'Services') offered by this portal is deemed to have read and accepted all the terms and notices of these general conditions of use.

'Body' means the public authority, ministry, administration or other public body which alone or jointly with others is responsible for this portal.

1. User obligations

The portal is accessable via the Internet. The user declares to know the risks and accept them. He must protect himself against the effects of computer piracy by adopting an appropriate and secure computer configuration.
The State of the Grand Duchy of Luxembourg cannot be held liable for any damage that the user may suffer directly or indirectly in connection with his navigation on this portal and the use of its services as well as the websites to which he returns.
The use of the portal is free.

3. Changes to the portal

The Luxembourg State reserves the right to develop, modify or suspend, without notice, this portal for reasons of maintenance, updating or for any other reason deemed necessary.
In particular, the Luxembourg State may, at any time, withdraw, add to or clarify all or part of the information and services contained in or offered on the portal. The Luxembourg State may not be held liable for any loss or damage whatsoever, whether direct or indirect, in connection with any such changes.
 

4. General limitations of liablility

The Luxembourg State will use its best endeavours to ensure that the website is always available. However, it accepts no liability should the website become temporarily or wholly unavailable.

The Luxembourg State will use its best endeavours to ensure the security of the computer system. However, it accepts no liability if the underlying computer system is 'hacked', or if the website becomes temporarily or wholly unavailable.

The Luxembourg State will use its best endeavours to ensure that the information published on the website and on social networks is accurate. However, it may not be held liable for any omissions in connection with the update of information or forms, errors in the use of the system, coding errors or inaccuracies, or gaps, errors or inaccuracies in the information provided. The aim is to disseminate accurate, up-to-date information emanating from a variety of sources, but the Luxembourg State is unable to avoid all risks of hardware error. None of the information published on this website should be considered as exhaustive or as a commitment from the State. Explanations in layman's terms and translations are provided solely for information purposes. Only legal texts published in the Mémorial (Official Journal of the Grand Duchy of Luxembourg) shall be deemed authoritative. The information appearing on this website is of a general nature. It is not tailored to personal or specific circumstances, and therefore cannot be regarded as constituting personal, professional or legal advice to the user. If the user needs personal or specific advice, they should always consult the competent departments within the different administrative bodies.
 

5. Limitations of the portal's liability

The portal expressly cannot accept liability for any consequences, whether direct or indirect, arising from:

• incompatibility between the service offered and the equipment, applications, procedures or infrastructures of the user or of any third party;
• any security breaches caused by the user or a third party, and more generally any security breaches not directly attributable to the website;
• any errors and/or fraudulent acts committed by the user or a third party;
• any unavailability or malfunction of electronic communication systems or networks.
   

6. Links to related sites

For users' convenience, this website may contain links to other websites which they may find useful or interesting. The Luxembourg State, and more specifically the 'Body', does not systematically monitor the content of those websites. Consequently, they may not be held liable for the content of those websites, and particularly for the legality or accuracy of such content.
 

7. Intellectual property

The portal, all the elements contained therein (including the layout), and the information and services are protected by the relevant intellectual property and copyright laws.
Unless otherwise specified, the Luxembourg State grants no license or authorisation with regard to the intellectual property rights which it holds in respect of the website, the elements it contains, or the Services. In addition, no reproduction of information or Services, total or partial, in any form whatsoever and by any means whatsoever, is permitted without the prior written authorization of the Organization.
Unless otherwise indicated, the user is authorized to consult, download and print the documents and information available under the following conditions:

• the documents may only be used for personal purposes, for information and in a strictly private context;
• the documents and information cannot be modified in any way;
• documents and information cannot be distributed outside the portal.

The rights which are implicitly or explicitly granted above to the user constitute an authorization of use and in no case a transfer of rights, property or other relating to this portal.
 

8. Changes to the General Terms and Conditions of Use

These general conditions of use may be modified or supplemented at any time, without notice, depending on the modifications made to the portal, the evolution of the legislation or for any other reason deemed necessary. It is up to the user to find out about the general conditions of use of the portal, of which only the updated version accessible online is deemed to be in force. It is possible that between two uses of the portal, the particular general conditions of use may be modified and it is therefore up to the user to read them carefully before each new use.
 

9. Applicable law and courts of competent jurisdiction

All disputes concerning the use of the portal and its Services shall be governed by Luxembourg law, and the courts of the Grand Duchy of Luxembourg shall have exclusive jurisdiction to hear and settle such disputes.

A. Notice ralated to « Letzdata.lu » 

1. General information

The personal data communicated by the user are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

The Luxembourg State collects no personal data other than the IP addresses contained in the server logs. These are collected for security reasons. User consent is not required before visiting this website.

The controller for these processing operations is the Body that is responsible for this website.

Users can file claims relating to the protection of their personal data through the various communication channels available, and directly to the controller who, in this case, is the Body responsible for this website. Users can also file claims with the Body's data protection officer at the following email address: data@digital.etat.lu. Users may also refer to the National Commission for Data Protection (Commission nationale pour la protection des données), headquartered at 15, Boulevard du Jazz, L-4370 Belvaux.
 

2. Portal contact form

The information about you collected through the website contact form needs to be processed by the Body involved to deal with your request.

By filling in the form, you agree that your personal data may be processed as part of the processing of your request. Those data are retained by the Body in question for as long as needed to achieve the purpose of the processing operation(s).

As the retention period for personal data depends on the type of request, the Body will communicate the applicable retention period, or the criteria used to determine it, on request, on a case-by-case basis.

The recipient of your data is the Body responsible for processing your request. Please contact the Body you are filing your request/application with to find out who the recipients of the data in this form are.

Under the terms of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, you have the right to access, rectify and, where applicable, request the erasure of any information relating to you. You are also entitled to withdraw your consent at any time.

Additionally, unless the processing of your personal data is compulsory, you may, with legitimate reasons, oppose the processing of such data.

If you wish to exercise these rights and/or obtain a record of the information held about you, please contact the relevant Body using the contact details provided on the form. You are also entitled to file a claim with the National Commission for Data Protection (Commission nationale pour la protection des données), headquartered at 15, Boulevard du Jazz, L-4370 Belvaux.
 

3. Processing in connection with audience measurement

Certain data relating to the user's hardware and software, which are not capable of revealing the user's identity, are collected when they visit the public-domain portal. The sole purpose of collecting such data is to garner statistics on website traffic (type of browser, resolution, approximate location, and so on) in order to provide users with the best possible experience.

Under no circumstances is the user's full IP address retained. Only part of the IP address is retained for the purpose of computing overall statistics, and there is no way of identifying users.

These data are retained and hosted in Europe, in a solution provided by a subcontractor – specifically, Adobe Systems Inc. – who, as such, is subject to the same legal obligations regarding the protection of personal data, if those data were to be harvested in the future.

The data are retained for no longer than is necessary to observe how audiences evolve as a function of browser use, resolution settings or other available statistical data.

The controller for these processing operations is the Body responsible for this portal.

B. Information notice for the processing of personal data carried out in the context of the certification of the business eSpace

The purpose of the ‘Certification: business eSpace for re-use of data’ procedure is to provide access to all the functionalities necessary to submit applications for re-use of data within the framework of the law of 19 December 2025 establishing the Government Commission for Data Sovereignty (the ‘Law’).

It is aimed, in particular, at anyone wishing to access data held by public sector bodies.
 

1. Contact details of the Government Commission for Data Sovereignty and its Data Protection Officer

The Government Commission for Data Sovereignty (Commissariat du Gouvernement à la souveraineté des données - CGSD)) collects and processes data in the context of the performance of its tasks in the public interest and the legal obligations imposed on it. The contact details of the CGSD, acting in its capacity as controller, are as follows:

Government Commission for Data Sovereignty

Address: 5, rue Plaetis L-2338 Luxembourg

Tel.: +352 247-72015

E-mail address: ald@cgsd.etat.lu

If you have any questions regarding the processing of your data by the CGSD, please contact our Data Protection Officer:

• by e-mail: dpo@cgsd.etat.lu
• by post: 5, rue Plaetis, L-2338 Luxembourg.

2. The lawfulness and purposes of the processing

2.1. The lawfulness of data processing

The CGSD processes your data in the context of:

• the performance of its tasks in the public interest and legal obligations imposed on it by the legislation applicable to the exercise of its activities and tasks, in particular:
  • Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act);
  • the Law;
  • the Law of 1 December 1978 regulating the non-contentious administrative procedure and the Grand Ducal Regulation of 8 June 1979 on the procedure to be followed by State and municipal authorities;
  • the Law of 17 August 2018 on archiving;
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (‘GDPR’);
  • the applicable rules for cooperation in parliamentary investigations and/or with authorities in police, judicial and disciplinary proceedings.
• its legitimate interests or those of third parties in the following contexts:
  • the compilation of statistics and reports.

Thus, the processing of data by the CGSD is (depending on the situation) lawful pursuant to Article 6(1)(c), (e) and (f), of the GDPR and, if applicable, Article 9(2)(e), (f), (g) and (j), of the GDPR.
 

2.2. Purposes of the processing

Your data is processed for the following purposes:

• verification and, where appropriate, certification, on the basis of the documents provided, of the veracity of the data entered in the business eSpace or in any communication from the person;
• pre-filling the procedures with the CGSD, including the request for authorisation to access and re-use the data and the request to export the results;
• communications between the CGSD and the application;
• compliance management in accordance with applicable regulations, including the management of data breaches and data subjects’ requests under the GDPR;
• cooperation with the competent authorities;
• ensuring the continuity of the CGSD’s activities;
• the processing of legal files (including disputes, complaints, litigation or non-contentious, non-contentious, extra-contentious);
• the finding of irregularities and their investigation, supervision and legal proceedings;
• the monitoring of the information system in order to check the correct operation and detect operating deviations;
• compiling statistics and reports;
• the management of archives.

Please note that the data that has been certified by the CGSD will be used in all procedures with the CGSD and cannot be modified during these subsequent procedures.

Where the data is used as part of procedure lodged with the CGSD, it will be processed in accordance with the ‘Information notice for the processing of personal data carried out by the CGSD in the context of access to and re-use of the data’.
 

3. The categories of data processed, their sources and recipients

3.1. The categories of data processed

The CGSD processes the following categories of data:

• For legal persons:
  • For the person indicated as the declarant:
    • Surname, first name(s), business email address and position within the entity. It is possible to add the business phone number.
  • For persons with signing authority for the entity certifying the professional area:
    • Surname, first name(s) and position within the entity, a copy of the passport or identity document as well as the necessary evidence to demonstrate that this person has the power of signature for the entity (documents indicating the delegation of the power of signature, …).
• For natural persons making the request in their own name and on their own behalf
  • Surname, first name(s), business e-mail address and national identification number. If available, the person may indicate his/her national professional identification number and his/her activities.
• For any interlocutor:
  • data relating to communication with the natural person using the professional area (name and function of the person, timestamp and subject of the request, follow-up, action taken, statistics);
  • technical data: IP addresses, connection logs, system usage data;
  • data relating to the management of the procedure by the applicant.

The mandatory information of the application for certification shall be indicated by means of a red flag or star. The application is considered admissible when all mandatory fields have been completed. Any refusal to provide the mandatory information results in a refusal of the application for certification.
 

3.2. Sources

The person who created and completed the certification process provided the data to the CGSD. The national identification number of the person carrying out the procedure is collected from the national register of natural persons maintained by the Government IT Centre (CTIE).

3.3. Recipients

In the performance of its tasks in the public interest and the legal obligations imposed on it, the CGSD transmits your data, including by direct access, to the following categories of recipients:

• other ministries, administrations, public entities or public sector bodies, as well as international and EU entities and agencies, in particular its subcontractors;
• third parties in relation to or in contact with the CGSD, such as lawyers or experts. 

Your data may be transmitted to other recipients as far as is strictly necessary.

4. Retention period

Your data will be kept in a form that allows you to be identified for the period necessary to carry out the tasks specified above and for thirty (30) years after the deletion of the business eSpace.

The retention periods indicated above are without prejudice to possible further processing for compatible purposes, in particular for statistical or scientific research purposes or for archiving purposes in the public interest (in particular their payment and preservation by the National Archives) or for the purposes of ongoing legal proceedings.

5. The transfer of your data to a third country

Your data is normally processed within the European Economic Area. However, the CGSD may need to transfer your data to a third country (i.e. not part of the European Economic Area). Data transfers are carried out in compliance with the conditions laid down in Chapter V of the GDPR and in particular on the basis of an adequacy decision issued by the European Commission, appropriate safeguards (Article 46 of the GDPR), binding corporate rules (Article 47 of the GDPR) or pursuant to derogations for specific situations (Article 49 of the GDPR). More information about possible international transfers of your data can be obtained from the CGSD Data Protection Officer.

6. The rights of the data subject

You have the rights provided for in Articles 12 to 22 of the GDPR. You may thus, within the limits of the applicable legislation, access and obtain a copy of your data (Article 15), obtain the rectification of inaccurate or incomplete data (Article 16) and obtain the erasure of such data under the conditions laid down in Article 17. In some cases, you also have the right to restrict the processing of your data (Article 18).

Furthermore, in certain cases, you have the right to object to the processing of your data, subject to the conditions laid down in Article 21. Therefore, if there are compelling legitimate grounds that make the processing of your data necessary and override your interests, rights and freedoms, the CGSD may continue to process your data.
The processing of your data does not involve automated decision-making that produces legal effects concerning you or similarly significantly affects you.

Any communication relating to a request for information, a complaint or the exercise of your rights under the provisions of the GDPR should be addressed to the Data Protection Officer of the CGSD.

If you wish to change the information that has been certified by the CGSD (e.g. because it is no longer up-to-date), you must submit a new certification procedure to the CGSD with the amended data. Corrected information will appear in the new steps after certification validation.

7. Complaint to the National Commission for Data Protection (CNPD)

If, after contacting us, you consider that the processing of your data by constitutes a breach of the GDPR or that your rights under that regulation are not respected, you can lodge a complaint with a data protection supervisory authority, namely in Luxembourg the National Data Protection Commission (CNPD) (https://cnpd.public.lu; 15, Boulevard du Jazz, L-4370 Belvaux; Tel.: (+352) 26 10 60-1).

8. Amendments to the information notice

This information notice may be amended to take account of legal, regulatory or technical developments.