Lëtzebuerg.ai
Last updated: March 16, 2026
Lëtzebuerg.ai (“we,” “us,” “our,” or the “Company”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Luxembourg data protection law (Loi du 1er août 2018), and other applicable privacy laws.
This Privacy Policy applies to:
Lëtzebuerg.ai is the data controller responsible for your personal data. Our contact details are provided in Section 13 below.
We collect personal data that you voluntarily provide to us, including:
a) Contact Information
b) Account and Registration Information
c) Business and Commercial Information
d) Client Data for AI Services
When providing AI services, you may upload or provide data sets, documents, or other information (“Client Data”) which may contain personal data. The processing of such data is governed by our Data Processing Agreement in accordance with Article 28 GDPR.
e) Communications
f) Job Application Information
When you visit our website or use our services, we automatically collect:
a) Technical Information
b) Usage Data
c) Cookies and Tracking Technologies
We use cookies and similar technologies as described in Section 10 below.
We may receive personal data about you from:
Under the GDPR, we must have a legal basis to process your personal data. We rely on the following legal bases:
Processing is necessary to:
We process personal data where necessary for our legitimate interests, including:
We carefully balance our legitimate interests against your rights and freedoms. You have the right to object to processing based on legitimate interests.
Where required by law, we obtain your explicit consent to:
You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
We process personal data to comply with legal requirements, including:
We do not intentionally collect special categories of personal data (e.g., health data, biometric data, racial or ethnic origin) except where:
We use your personal data to:
We use your personal data to:
With appropriate legal basis, we may:
You can opt out of marketing communications at any time (see Section 8).
We use personal data to:
We process personal data to:
We use personal data to:
We may use aggregated, anonymized, or pseudonymized data derived from our services to:
This processing is conducted in a manner that prevents re-identification of individuals and complies with all applicable laws.
We engage trusted third-party service providers to support our operations, including:
All service providers are carefully selected and bound by data processing agreements that comply with Article 28 GDPR. They are authorized to process personal data only as instructed by us and for the purposes specified.
We may share personal data with:
In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, personal data may be transferred to successor entities, subject to appropriate safeguards and notice to affected individuals.
We may disclose personal data when required or permitted by law, including:
We may share personal data with third parties when you have provided explicit consent for specific purposes.
We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you with:
Lëtzebuerg.ai is based in Luxembourg (European Economic Area). However, some of our service providers and partners may be located outside the EEA, including in countries that may not provide the same level of data protection as the EEA.
When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:
We conduct Transfer Impact Assessments to evaluate risks and implement supplementary measures where necessary to ensure adequate protection.
You have the right to obtain information about safeguards in place for international transfers. Contact us using the details in Section 13.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, accounting, or reporting obligations.
Typical retention periods include:
| Data category | Retention period | Legal basis |
|---|---|---|
| Client contracts and communications | Duration of relationship + 10 years | Legal obligations (commercial law) |
| Financial and tax records | 10 years after end of financial year | Tax and accounting laws |
| Marketing contacts | Until consent withdrawn or 3 years of inactivity | Legitimate interests |
| Website analytics | 26 months | Legitimate interests |
| Job applications (unsuccessful) | 6–12 months after recruitment process | Legitimate interests |
| Security logs | 12 months | Legal obligations and legitimate interests |
| Client Data (AI projects) | As specified in service agreement | Contract |
After retention periods expire, we securely delete or anonymize personal data. Anonymized data may be retained indefinitely for statistical, research, or analytical purposes.
We may retain personal data beyond standard retention periods when required for legal proceedings, investigations, or regulatory matters.
Under the GDPR, you have the following rights regarding your personal data:
a) Right of Access (Article 15)
You have the right to obtain:
b) Right to Rectification (Article 16)
You can request correction of inaccurate or incomplete personal data.
c) Right to Erasure / “Right to be Forgotten” (Article 17)
You can request deletion of your personal data in certain circumstances:
This right is not absolute and may be limited by legal obligations or legitimate interests.
d) Right to Restriction of Processing (Article 18)
You can request temporary restriction of processing when:
e) Right to Data Portability (Article 20)
You can request to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller where:
f) Right to Object (Article 21)
You have the right to object at any time to:
g) Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significant effects, except where:
Where automated decision-making is used, we will inform you and provide meaningful information about the logic involved.
h) Right to Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.
i) Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, place of work, or where an alleged infringement occurred.
Luxembourg Supervisory Authority: Commission Nationale pour la Protection des Données (CNPD)
To exercise any of these rights, please contact us using the details in Section 13. We will respond to your request within one month of receipt, or within two months for complex requests (we will inform you of any extension).
To protect your privacy, we may need to verify your identity before responding to rights requests. We will request only the minimum information necessary for verification.
We do not charge a fee for exercising your rights unless requests are manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or refuse the request.
We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, including:
Technical Measures
Organizational Measures
For AI services, we implement additional safeguards:
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of personal data transmitted to or stored on our systems.
Cookies are small text files stored on your device when you visit our website. We also use similar technologies such as web beacons, pixels, and local storage.
a) Essential Cookies (Strictly Necessary)
Required for website operation and security. These cannot be disabled.
b) Functionality Cookies
Remember your preferences and settings.
c) Performance and Analytics Cookies
Help us understand how visitors use our website.
d) Marketing and Advertising Cookies
Used to deliver relevant advertising and measure campaign effectiveness.
Some cookies are placed by third-party services that appear on our pages, including:
These third parties have their own privacy policies governing their use of information. Note: Disabling cookies may affect website functionality.
Some browsers have a “Do Not Track” feature. Our website does not currently respond to Do Not Track signals.
For a detailed list of cookies used on our website, please visit our Cookie Policy page or contact us.
Our website may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
We may update this Privacy Policy from time to time to reflect:
When we make material changes, we will:
We encourage you to review this Privacy Policy periodically. Continued use of our services after changes indicates acceptance of the updated policy.
For any questions concerning your data, please contact us at info@letzebuerg.ai
We aim to respond to all inquiries within 10 business days for general questions and within one month for data subject rights requests.
By using our website, engaging our services, or providing personal data to us, you acknowledge that you have read, understood, and agree to this Privacy Policy.
If you do not agree with this Privacy Policy, please do not use our services or provide personal data to us.
This Privacy Policy is provided in English. If translations are provided in other languages, the English version shall prevail in case of any inconsistency or dispute.