Data protection policy

POST attaches great importance to protecting your privacy and is aware of how important it is to you.

Foreword

POST does everything possible to ensure to provide its clients with a confident service by processing your data in a transparent way as well as in strict compliance with applicable regulations in accordance with your own preferences.

How to contact us?

Personal data collected by POST websites and/or mobile apps is subject to automated processing. The data controller responsible for such processing is:

POST Luxembourg

POST Télécom SA

  • POST Télécom SA / RCS Luxembourg : B43290 / VAT : LU 15558109
  • 1, rue Emile Bian – L-1235 Luxembourg
  • Telephone : 8002 8004
  • E-mail : contact.telecom@post.lu

Other contact details

Data Protection Officer (DPO)’s details:

  • POST Luxembourg – DPO, 20 rue de Reims, L-2417 Luxembourg

  • E-mail : privacy@post.lu

Data protection

Answers to your questions 

When you use its websites or mobile applications, POST may collect your personal data in different locations or at different times when:

  • You browse pages on a POST website or mobile app;

  • You subscribe to one of our news feeds (newsletters, RSS feeds, notifications, etc.);

  • You create your personal account in the MyPost app (“My account” section);

  • When you contact us (“Contact” section);

  • You fill out an order form for an online purchase;

  • You apply for a job (“Join us” or “Careers” section);

  • You give us your opinion on our products & services;

  • You participate in a survey or competition.

POST makes sure to only collect data that is strictly required for providing the services you want to use.

POST may also have cause to collect certain personal data that is indirectly related to you:

  • By purchasing files from third-party organisations with which you may be connected, if you have previously consented to share your data with such organisations;

  • By using Open Data files.

When POST uses your data obtained from these types of files, you will be notified when contact is first made.

The personal data we collect from you when you browse POST websites or use POST mobile apps will primarily be used by the internal departments at POST that are authorised to process it. Nevertheless, it may be sent:

  • to the processing companies that POST uses to deliver certain services, such as, for example, the hosting and operating of websites, the sending of our newsletter, and the management, processing and payment of your online purchases;

  • to postal services and overseas customs services when you send letters and/or parcels to another country;

  • to companies instructed by the Luxembourg regulator to provide universal telephone directory and enquiry services, unless you have expressed an objection to your number being published by these services;

  • to business partners, provided that you have consented to being contacted by them.

POST may be required to transfer some of your personal data to a third party at the request of the judicial authorities or any other administrative authority empowered by law.

In addition, POST ensures that any transfer of your personal data to authorised third parties will not result in your data being transferred to a country located outside of the European Union without taking appropriate additional protective measures, seeking in particular to ensure you can exercise your rights.

Personal data collected and processed by POST will only be retained for a period that is strictly necessary to achieve the stated processing objectives and to ensure compliance with a legal obligation imposed by the applicable legislation.

As such, depending on the type of data processed and the purposes envisaged, POST’s retention period will be:

  • no more than six months from the date on which the data is recorded by POST, for data processed for traceability purposes, for logical security or for the proper functioning of IT applications and networks;

  • no more than 13 months from the point of creation, for cookies and other trackers managed by POST websites or mobile apps;

  • no more than two years after your most recent contact with POST, for data processed in respect of a job application;

  • no more than three years as of the date of data collection by POST or after your most recent contact with POST, for data processed for marketing purposes;

  • no more than three years from the end of your business relationship with POST, for data processed for marketing campaign purposes and/or to promote POST’s or its partners’ offers;

  • no more than 10 years from the end of your business relationship with POST, for data related to contractual (agreements, guarantees, complaints, debt collection and litigation, etc.) or accounting aspects (billing, order forms, delivery receipts, etc.).

POST implements appropriate and reasonable security measures in light of the risks posed by the processing carried out in order to protect your data against destruction, loss, modification, disclosure or unauthorised access and any other form of illegal processing.

All POST employees and processors with access to your personal data as part of their jobs are bound by strict confidentiality obligations. They only access the data they need to do their job and are regularly made aware of and trained on the compliance and security rules applicable to your personal data.

The security measures applied to our websites and mobile apps are periodically checked and tested by teams from the POST CyberForce department.

In addition, in the event of a Personal Data breach likely to result in a risk to your rights and freedoms, POST undertakes to comply with its obligation to notify the CNPD of said Personal Data breaches.

Where POST processes your personal data, you may exercise the following rights at any time and to the extent permitted by law:

  • To be informed of the processing of your personal data by POST;

  • To access your personal data (to know which data has been collected and processed and to obtain a copy), ask for them to be corrected if they are incorrect or incomplete, ask for them to be erased if they are outdated;

  • To refuse to allow them to be processed for legitimate reasons (in particular for marketing purposes);

  • If the prior conditions are met, to request that the processing of your personal data be restricted or that your data be erased entirely (right to be forgotten);

  • To request a copy of the personal data you have provided to POST in a structured format (data portability), unless this infringes the rights and freedoms of third parties;

  • To request that your data not be included in decisions based entirely on automated processing, including profiling, when such decisions would have legal ramifications relating to you or affect you significantly in a similar fashion. You can also ask for the logic behind the automated processing to be clarified in order to be able to contest it and request that it be reviewed by an individual;

  • To withdraw your consent to processing based on the latter at any time.

You can exercise one of these rights free of charge by contacting the POST DPO (see “Contacts” section).

So that we can respond to your request securely and prevent any identity fraud, you may be asked to provide proof of identity.

POST undertakes to respond within no more than one month following receipt of your duly completed request.

You can also file a complaint with the National Commission for Data Protection (CNPD) on their website: www.cnpd.lu

The personal data we collect from you when you browse POST websites or use POST mobile apps is subject to computer processing for at least one of the following purposes:

  • To provide you with the service or information requested;

  • To manage your business relationship with POST;

  • To process, track and fulfill your orders when you make purchases on our websites or mobile apps;

  • To compile statistics and analyses on traffic to and browsing of the proposed web pages and sections, in order to understand how you interact with our websites and improve the quality of services we offer you as a result;

  • To notify you about POST and partner products, events, offers and services when you subscribe to these news feeds (newsletter, RSS feeds etc.);

  • To customise how the websites function to your preferences (language, display preferences, etc.);

  • To offer personalised and targeted content (products and services) based on your interests, pages you have already visited, and your purchase history;

  • To give you access to tailored offers and benefits as part of our loyalty scheme, if you sign up;

  • To send you advertising, subject to obtaining your prior consent;

  • To maintain secure access to your personal data and detect any hacking attempts;

  • To obtain your opinions through surveys in which you can choose to participate;

  • To manage the competitions or lotteries organised by POST, if you decide to take part in them;

  • To process your applications if you apply for one of the job vacancies published by POST.

For each of the purposes indicated above, the processing of your personal data is based:

  • On the fact that it is necessary for the performance of an agreement concluded between you and POST, or for the performance of pre-contractual measures taken at your request;

  • On the fact that it is required for compliance with a legal obligation to which POST is subject;

  • On the fact that you have consented to processing;

  • On an interest recognised as legitimate for POST (fraud prevention, data and infrastructure security, etc.).

POST ensures that your personal data is processed in a way that is fully compatible with the purposes indicated above. In the event of further processing of your data for a purpose other than that initially provided for, all necessary information will be sent to you in advance. You may then object to this further processing.

Your “personal data” refers to all information that relates to you as a natural person and which can be used to identify you, directly or indirectly.

The personal data that POST is likely to collect or process when you browse its websites or use its mobile apps is:

  • Basic identification data, such as your first names and surnames, your date and place of birth, your postal address, your e-mail address, and your phone numbers, etc.;

  • Technical connection and navigation data, such as your device’s IP address, the time and date of your connection, the pages visited, the characteristics of your browser (type, language, etc.) and your device (type, resolution, etc)., the username/password you use to log in, cookies, etc.;

  • Personal data, such as your family status, the composition of your household, your lifestyle, hobbies, etc.;

  • Bank details, such as your account number, your IBAN, your beneficiaries’ bank details, the identification details for your payment methods, etc.;

  • Professional data (data that would be usually included in a CV when you apply for a job);

  • Geolocation data;

  • Publication data, such as your areas of interest, opinions, comments, notes, messages posted in community and social forums and features of websites or mobile apps;

  • Behavioural data, such as your purchase history.

Some of the information collected is required to achieve the abovementioned objectives, whereas other information is optional. You will be systematically notified whether information is required or optional when it is collected. If you do not fill in certain required fields, this may prevent POST from providing you with the relevant product or service, or from ensuring it is of the expected quality.

Whatever the aim pursued and justifying the processing of your personal data, no “sensitive data” as referred to by the regulation will be handled during the course of your customer relationship with POST.

Cookie management

Answers to your questions

A cookie is a small file generally made up of letters and numbers sent by the internet server and saved to your device (PC, tablet or smartphone) via your web browser (Google Chrome, Mozilla Firefox, Microsoft Internet Explorer or Edge, Apple Safari, Opera, etc.).

Some cookies are stored directly by the websites you visit. Others, known as “third-party cookies” are stored by the website’s partners (social networks, advertising networks etc.).

Most cookies store technical information relating to your browsing history on a particular website (language settings, screen size and resolution, connection time, pages visited, IP address, etc.) to enable that website to “recognise” your device throughout your interaction with it.

They are generally required to enable the website to function properly (saving your session, your shopping basket, remembering your favourites, etc.), but they also serve to analyse your browsing behaviour on the website, optimising your experience and showing you personalised content such as articles, offers, search suggestions or targeted advertising in line with your preferences, if you wish.

Please note that sharing your device with other people is likely to have an impact on the personalisation the cookies we use can offer and consequently on their effectiveness in terms of your individual preferences.

Our websites and our mobile apps may use a range of cookies to better customise how they function, by interacting with your user profile.

Our websites and mobile apps primarily use five types of cookies:

Strictly necessary cookies

These make it possible to use the main functions of the websites and/or mobile apps, such as remembering your device’s display preferences (language, display settings) based on the graphic charter, the device type and the viewing and screen reading software that you use (internet browser type) and to take this into account during subsequent visits.

They also allow us to link the various pages consulted together so as to enable a seamless browsing experience.

They mean we can manage your user session once you have been identified, as well as the content of your shopping basket if applicable.

These cookies are essential to enabling our websites and mobile apps to function properly and cannot be disabled by our systems.

Audience measurement, analytics and statistics cookies

These allow us to compile statistics and traffic and usage counts for the various pages and sections of the websites and mobile apps (number of visits, pages viewed, your journey on the websites, the links you click on, your return frequency, etc.).

The following information is helpful to us:

  • for research in order to adapt the website content to suit your needs;

  • for measuring and improving the performance of our websites and mobile apps;

  • for detecting malfunctions and improving our service quality.

All data collected by these cookies is aggregated and anonymised. 

Content personalisation cookies

These allow us to improve the functionality and personalisation of our content on our websites, for example through the use of videos and instant messaging services. By accepting this category of cookies, you will be able to use these additional features and we can offer you products and services that are more tailored to you.

Social media cookies

In order to make our websites more interactive, we may use third-party services offered by social networking websites so you can share our content with your network and your friends. These services use cookies when you interact with them. They include:

  • Like and share buttons on social media (Facebook, LinkedIn, etc.);

  • Content sharing buttons on social media (Facebook, Twitter, Instagram, LinkedIn, etc.);

Advertising & commercial cookies

These cookies may be placed on your device if you have explicitly consented to receive them to identify your preferences and interests and the products viewed or purchased on our website, so that the dynamic ads displayed to you, either by POST or by our business partners, in the relevant spaces can be tailored to you. In this case, they can be used by these companies to build profiles on your interests, in order to offer you targeted advertising on other websites as well.

These cookies only work by identifying your web browser and your device.

Our websites do not place or read any cookies on your device before you have given your consent via our “cookie settings”.

When you visit the homepage of one of our websites, a dedicated cookie information banner will pop up. You will then be asked to accept all cookies embedded in the pages you visit, or to customise your cookie preferences.

Strictly necessary cookies

These cookies do not require your consent because they are essential to the technical functioning of the websites and mobile apps.

However, you can always object to said cookies being stored on your device and delete them in your browser’s configuration settings. Nevertheless, your user experience may be much less enjoyable, and you may no longer be able to access some website features.

Other categories of cookies (audience measurement, social media, personalisation, advertising)

These cookies cannot be stored used without your prior consent. If you agree to these categories of cookies being used, you have the option to change your decision at a later date, by editing your preferences at any time via our “cookie settings”.

For further information on cookie settings in the main web browsers, please read the browser software publishers’ documentation.

The cookies we manage on our websites and mobile apps cannot be stored for more than 13 months.