Privacy notice training

Homepage | Privacy notice training

The purpose of this privacy notice is to inform you about how your personal data is collected, processed and protected in the context of our training programmes, in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter the “GDPR”) and the Luxembourg law of 1 August 2018 on the organisation of the Commission nationale pour la protection des données and the general data protection framework.

This notice applies to any natural person whose data is collected by MGSI in connection with a training programme, whether the Client, the Participant or their representatives, within the meaning of the general terms and conditions of sale of training of MGSI.

Your data may be collected directly from you or transmitted to us by your employer or any mandating entity in the context of your registration for the training programme.

  1. Identity of the data controller

MGSI S.à r.l., a limited liability company incorporated under Luxembourg law, registered with the Luxembourg Trade and Companies Register under number B192771, with its registered office at 52a Waistrooss, L-5495 Wintrange, Luxembourg, represented by Mélanie Gagnon, in her capacity as manager (hereinafter “MGSI”).

  1. Data processed

When you register for or participate in our training programmes, we may process the following categories of personal data:

  • Personal identification data: surname, first name, postal address, position, company;
  • Electronic identification data: telephone number, e-mail address;
  • Financial data: bank details, billing information;
  • Data relating to professional interests: training choice, targeted certifications, areas of interest;
  1. Purposes and legal bases for processing

We use your data for the following purposes:

  • Management of registrations and training follow-up — legal basis: performance of a contract (Article 6.1.b GDPR). This processing is necessary for the performance of our respective contractual obligations.
  • Sending our newsletter — legal basis: legitimate interest of MGSI (Article 6.1.f GDPR). The legitimate interest pursued is communication about our activities and client retention. You may object at any time (see section 8).
  • Publication of testimonials or feedback on our website, brochures and/or promotional materials — legal basis: consent (Article 6.1.a GDPR). You may withdraw your consent at any time.
  1. Data retention periods

Your personal data relating to registration and training follow-up is retained for a period of ten (10) years from the end of the financial year in which the training was delivered, in accordance with the retention obligations applicable to INFPC-accredited training organisations. After this period, your data is deleted or anonymised.

Your data used for sending our newsletter is retained for three (3) years from the end of the commercial relationship, unless you agree to receive it for a longer period.

  1. Data location

We store your personal data within the European Union. However, in the context of training programmes preparing for IAPP certification, the Participant’s e-mail address is transmitted to the International Association of Privacy Professionals (IAPP), based in the United States, in order to activate the Participant’s IAPP membership. This transfer is occasional, strictly necessary for the performance of the training contract and limited to the Participant’s e-mail address only (Article 49.1.b GDPR).

  1. Sub-processing and recipients

We may share your personal data with:

  • our internal trainers, within MGSI;
  • our third-party trainers acting on behalf of MGSI in the context of the training;
  • certification bodies (in particular IAPP), where the training prepares for a certification and the transmission is necessary for registration or examination purposes;
  • our digital tools and platform providers (LMS platform, video conferencing), as sub-processors, to the extent necessary for the delivery of the training.

These recipients are bound by confidentiality and data protection obligations.

  1. Data security

MGSI implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR. These measures aim to protect your data against any unauthorised access, disclosure, alteration or accidental or unlawful destruction.

  1. Your rights

In accordance with Regulation (EU) 2016/679 (GDPR), you have the following rights:

  • Right of access: obtain confirmation that we process your data and obtain a copy thereof;
  • Right to rectification: request the correction of inaccurate or incomplete data;
  • Right to erasure: request the deletion of your data, subject to our legal retention obligations;
  • Right to restriction: request that we restrict certain processing in the cases provided for by the GDPR;
  • Right to data portability: receive your data in a structured, commonly used and machine-readable format;
  • Right to object: object at any time to processing based on legitimate interest, in particular to the receipt of our newsletter by clicking the unsubscribe link in each message;
  • Right to withdraw consent: withdraw at any time the consent given for processing based on Article 6.1.a GDPR without affecting the lawfulness of processing carried out prior to such withdrawal;
  • Right to lodge a complaint: lodge a complaint with the Commission nationale pour la protection des données (CNPD), the Luxembourg supervisory authority.
  1. Contact

If you have any questions about this notice or your personal data, or if you wish to exercise your rights, you may contact us:

  • By e-mail: privacy@mgsi.lu
  • By post: MGSI S.à r.l., 52a Waistrooss, L-5495 Wintrange, Luxembourg