Last update: 10/03/2026
This Website Privacy Notice explains how the Association pour la Santé au travail des secteurs Tertiaire et Financier, a.s.b.l. (ASTF) processes personal data when you visit its website, in accordance with Regulation (EU) 2016/679 (GDPR) and the guidance of the Commission nationale pour la protection des données (CNPD).
This notice specifically covers website-related processing and complements the ASTF Data Protection Policy.
-
Data Controller
The data controller is:
L’Association pour la Santé au travail des secteurs Tertiaire et Financier, a.s.b.l. (ASTF)
15–17, avenue Gaston Diderich
L-1420 Luxembourg
Luxembourg
ASTF acts as data controller for all personal data processed through this website.
-
Data Protection Officer (DPO)
ASTF has appointed a Data Protection Officer.
DPO contact details:
Gianfranco Mei
Email:
Tel: +352 22 51 51 1
The DPO may be contacted for any questions relating to the protection of personal data or the exercise of data subject rights.
-
Categories of Personal Data Processed via the Website
3.1 Technical and usage data
When you visit the website, ASTF may collect:
- Contact forms and comments
When a message is posted using a contact or comment form, not only the data entered in the fields of these forms, but also the IP address and browser type are collected to help detect unwanted messages and comments. In the case of comments, an anonymized string created from your email address (also called hash) can be sent to the Gravatar service in order to make the profile picture you have chosen to appear publicly next to your comment. The Gravatar service’s confidentiality policy is available here: https://automattic.com/privacy/
These data are necessary to ensure website security, integrity, and proper functioning.
- Newsletter subscription form
When subscribing to the newsletter, data entered in this form is collected. All contacts registered on this software have consented to transmit their information voluntarily. All the information is available at this address: https://mailchimp.com/legal/ If you wish to unsubscribe and no longer receive newsletters, please follow the instructions and use the link at the bottom of each email.
- Audience statistics and measurements
Website:
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited.
Purpose and legal basis: Based on your consent, we use this tool to analyze website traffic, improve user experience, and optimize our content.
Data collected: Google Analytics collects information such as pages visited, session duration, device type, browser, and IP addresses (anonymized). This data may be transmitted to and stored on Google servers outside the European Union (particularly in the United States), with appropriate safeguards in compliance with GDPR.
Data retention: Analytics data is automatically deleted after 14 months.
Your rights: You can withdraw your consent and refuse tracking at any time by:
- Managing your cookie preferences via our consent banner
- Installing the Google Analytics opt-out add-on: https://tools.google.com/dlpage/gaoptout
You also have the right to access, rectify, or delete your data. To exercise these rights, please contact: .
For more information about Google’s privacy practices: https://policies.google.com/privacy
Newsletter:
This site uses the measurement tool provided by Mailchimp. This service uses cookies to generate reports on the interactions of recipients (or “users”) with newsletters sent by email. This service also collects IP addresses for geolocalization purposes. All the information is available at this address: https://mailchimp.com/legal/
- Embedded content from other websites
Articles on this site may include content embedded from other sites. Generally speaking, when third-party content is shared on the ASTF website (generally videos hosted on Youtube.com), the “cookie-free” mode is used by default. In the event that no “cookie-free” mode is available, these external websites may collect data about you, use cookies and third-party tracking tools to track your interactions with such embedded content if you have an account logged into their website.
3.2 Data provided voluntarily by users
When you contact ASTF via the website or by email, ASTF may process:
- Identification data (e.g. name)
- Contact details (e.g. email address, phone number)
- Content of your message or request
ASTF does not intentionally collect health data or other special categories of data through its website.
-
Purposes and Legal Bases of Processing
In line with CNPD guidance, ASTF processes personal data only where a valid legal basis applies.
| Purpose | Legal basis (GDPR) |
|---|---|
| Website security, technical management and logging. | Legitimate interest (Art. 6(1)(f)) |
| Responding to enquiries and communication. | Legitimate interest (Art. 6(1)(f)) |
| Managing user requests. | Legitimate interest (Art. 6(1)(f)) |
| Compliance with legal and regulatory obligations. | Legitimate interest (Art. 6(1)(c)) |
Where processing is based on consent, consent may be withdrawn at any time, without affecting the lawfulness of prior processing.
-
Cookies and Similar Technologies
The ASTF website uses cookies solely if the visitor activates them (consent via banner).
- Cookies strictly necessary
The ASTF website uses essential and default configured “technical” cookies. Without these cookies the website could not be functional.
- Functionality cookies
These cookies make it possible to personalize a user’s preferences by proposing to choose the language (French, German or English) and to adapt the display resolution (computer or mobile). The information collected does not allow a user to be personally identified or tracked.
- Comment cookies
If you leave a comment on our site, you will be asked to save your name, e-mail address and website in cookies. This is only for your convenience so that you do not have to enter this information if you write another comment later. These cookies expire automatically after one year.
- Analytics cookies
These cookies collect information relating to the consultation of the pages of the website. This data can be used to optimize the pages by improving information contained and making them easier to navigate. Analytics cookies collect anonymous information, the IP address is not known, nor any information that could identify users.
- Third-party cookies
The ASTF website does not advertise online and is therefore not exposed to targeting cookies or audience measurement. The ASTF website does not make any commercial partnerships and is therefore not exposed to affiliation and audience tracking cookies. The ASTF website does not have any ‘sharing buttons’ from any social network that may collect personal data without consent. Cookies placed on users’ devices from social networks to www.ASTF.lu are not the responsibility of the ASTF.
The use of cookies is consented when a user starts browsing and scrolling through the pages of the site. If you wish to disable cookies completely, please consult your web browser’s preferences and/or settings.
| Cookie | Duration | Description |
|---|---|---|
| wordpress_test_cookie | Session | This cookie is set by WordPress to check if your browser accepts cookies or not. It does not record any personal data. |
| pll_language | 1 year | This cookie is placed by Polylang to remember the display language of the site chosen by the user. It does not store any personal data. |
| _ga | 2 years | This cookie is set by Google Analytics to distinguish unique visitors and calculates visitor, session, and campaign data for analytics reports. |
| ga “container-id” | 2 years | Stores session state and page view counts for Google Analytics 4. |
| _gid | 24 hours | This cookie is set by Google Analytics to distinguishes users for short-term statistical analysis. |
-
Recipients of Personal Data
Personal data may be accessed by:
- authorised ASTF personnel on a need-to-know basis
- IT, hosting, and maintenance service providers acting as processors
- public authorities where required by law
All processors act under written data processing agreements in accordance with Article 28 GDPR.
-
International Data Transfers
ASTF primarily processes personal data within the European Union.
Where personal data is transferred outside the EU/EEA, such transfers are carried out in compliance with GDPR requirements and subject to appropriate safeguards, such as adequacy decisions or Standard Contractual Clauses approved by the European Commission.
-
Data Retention
Personal data collected via the website is retained only for the period necessary to achieve the purposes for which it was collected, taking into account:
- statutory retention obligations
- limitation periods
- operational needs
Technical logs are retained for limited periods, unless extended retention is required for security or legal purposes.
-
Data Subject Rights
In accordance with Articles 12 to 22 GDPR, you have the right to:
- access your personal data
- request rectification of inaccurate or incomplete data
- request erasure of your data, where applicable
- request restriction of processing
- object to processing based on legitimate interests
- withdraw consent at any time, where processing is based on consent
- request data portability, where applicable
Requests may be addressed to .
ASTF may request proof of identity to ensure secure processing of requests.
Requests are handled within one month, extendable in accordance with the GDPR.
You also have the right to lodge a complaint with the ‘Commission nationale pour la protection des données’ (CNPD):
Commission nationale pour la protection des données
15, Boulevard du Jazz
L-4370 Belvaux
Tél. : (+352) 26 10 60 -1
-
Security Measure
ASTF implements appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data, in line with Article 32 GDPR.
-
Automated Decision-Making
No automated decision-making or profiling within the meaning of Article 22 GDPR is carried out via the ASTF website.
-
Updates to This Notice
This Website Privacy Notice may be updated periodically to reflect legal, regulatory, or operational changes. The latest version is always available on the ASTF website.