We are pleased that you are visiting our website at www.ao-aupair.lu. Data protection and data security when using our website and services are very important to us. We would therefore like to inform you which of your personal data we collect when you visit our website and services and for what purposes it is used.
Who is responsible?
The person responsible in the sense of Luxembourg’s Law of 1 August 2018 on the organization of the National Commission for Data Protection and implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“DPA”) and the EU’s General Data Protection Regulation (“GDPR”) is Alpha Omega Au Pair Placement SÀRLS, 2 Rue Abbé François Lascombes, L-1953 Luxembourg (“Alpha Omega”, “we”, “us”, “our”).
Please direct any questions you may have to info@ao-aupair.lu, call (+352) 691 504 380 or write to us at the above address.
Principles of data processing
a) Personal data
Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior.
b) What is Special Category Data?
Special Category Data means Personal Data that needs more protection because it is sensitive. This includes among others data concerning health and medical information. In order to lawfully process Special Category Data, it is necessary to consent to the processing.
c) Processing
The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis.
d) Legal basis
In accordance with the DPA and the GDPR, we have to have at least one of the following legal bases to process your Personal Data: i) you have given your consent, ii) the data is necessary for the fulfillment of a contract / pre-contractual measures, iii) the data is necessary for the fulfillment of a legal obligation, or iv) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.
e) Retention and storage
We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period exists (in particular commercial and tax law in accordance with Luxembourg’s Commercial and Fiscal Code. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
Data we collect
a) Provision and use of the website
When you call up and use our website, we collect the personal data that your browser automatically transmits to our server. This is technically necessary for us to display our website and to ensure its stability and security. In this sense, we collect the following data: i) IP address of the requesting computer, ii) Date and time of access, iii)name and URL of the file accessed, iv) website from which the access was made (referrer URL), v) browser used and, if applicable, the operating system of your computer as well as the name of your access provider. The legal basis is our legitimate interest.
b) Hosting
The hosting services used by us for the purpose of operating our website is Amyma Web sàrl. In doing so Amyma processes inventory data, contact data, content data, usage data, meta data and communication data of customers, interested parties and visitors of our website, on the basis of our legitimate interests.
c) Cookies
We use cookies on our website. In accordance with Luxembourg’s Law of 30 May 2005 relating to specific provisions concerning the processing of personal data and the protection of privacy in the electronic communications sector, modifying provisions 88-2 and 88-4 of the Criminal Instruction Code and modifying the DPA (“ECA”) and the EU`s Privacy and Electronic Communications Directive (“PECD”) we are required to obtain your consent before placing so-called Non-Essential Cookies (Functional cookies, Analysis and Performance Cookies, Advertising Cookies or Targeting Cookies). For further information on the cookies we use, please refer to our Cookie Policy. The legal basis for processing is our legitimate interest and your consent.
d) Cookie consent
Our website uses a cookie consent management tool to obtain your consent to the storage of cookies and to document this consent. When you enter our website, the following Personal Data is transferred to us: i) Your consent(s) or revocation of your consent(s); ii) Your IP address; iii) Information about your browser; iv) Information about your device; v) Time of your visit to our website. The basis for processing is our legitimate interest.
e) Economic analyses and market research
For business reasons, we analyze the data we have on web and server traffic patterns, website interactions, browsing behavior etc. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarized and or anonymized values. For this purpose we use Google Analytics offered by Google LLC. The legal basis is our legitimate interest and your consent. For further information on our use of Google Analytics, please refer to our Cookie Policy.
f) Google reCAPTCHA
We also use Google's reCAPTCHA from Google to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as you enter our website. The legal basis for using reCAPTCHA is our legitimate interest.
g) Contacting Us
We offer you the opportunity to contact us using various methods. We collect the data you submit such as your name, email address, telephone number and your message in order to process your enquiry and respond to you. The legal basis is both your consent and contract.
h) Registration
As part of the registration process, users provide their Full Name, Email address, and their chosen password. The data provided will be used for the purposes of creating and using the account and providing and/or using our services. In the context of the use of our registration and the use of your account, the legal basis for the data processing is the fulfillment of our contractual obligations and, in individual cases, the fulfillment of our legal obligations as well as consent.
i) Customer Relationship Management System
For support, we may store the data related to our users in our customer relationship management system (CRM) provided by Enginehire. This data processing is based on our legitimate interest in providing our service.
j) Contractual Services
We process the Personal Data involved when you enter into a contract with us in order to be able to provide our contractual services. This includes in particular our support, correspondence with you, invoicing, fulfillment of our contractual, accounting and tax obligations. Accordingly, the data is processed on the basis of fulfilling our contractual obligations and our legal obligations.
k) When using our services (Host Family or Au Pair)
We process the Personal Data involved in your use of our services (Host Family or Au Pair), in order to be able to provide our services.
If you are a Host Family, we process both personal and non-personal data, including but not limited to your correspondent's First Name, Last Name, Number of Adults and Children, Age of your children, Arrival Date and Placement Duration, the reasons for hosting an Au Pair, your Au Pair History, if any, your email and phone number.
If you are an Au Pair, we process both personal and non personal data including but not limited to your email address, first name, last name, address. We also ask for details concerning our vetting, background check and interview procedures which may include your biometric ID and Passport and data obtained from Vetting, Police and Disclosure and Barring Checks, Visa or Right to work or Residence information, Safeguards and Consent, Temporary Authorizations, Linguistic Skills and Education.
Accordingly, the data is processed on the basis of fulfilling our contractual obligations, our legal obligations, your consent and your specific consent in relation to Special Category Data.
As a matter of principle, we do not process Special Category Data, unless they are part of a contractual processing.
We ensure that access by our employees to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.
Further and if you are providing us with Personal Data relating to a third party, you agree a) that you have in place all necessary appropriate consents and b) that such third party has read this Privacy Policy. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.
l) Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as organization of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.
m) Social Media
When you visit our social media profiles, we process your actions and interactions with our profile (e.g., the content of your messages, enquiries, posts or comments that you send to us or leave on our profile or when you like or share our posts) as well as your publicly viewable profile data (e.g., your name and profile picture). Which Personal Data from your profile is publicly viewable depends on your profile settings, which you can adjust yourself in the settings of your social media account.The legal basis is our legitimate interest and your consent.
k) Marketing
If you have given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out. The legal basis for processing is the initiation of a contract, our legitimate interest and your consent.
l) Newsletter
If you have consented to receive our newsletter(s), we will use your email address and, if applicable, your name to send you information about us, our promotions, and news. You can revoke your consent to receive the newsletter(s) at any time with effect for the future. You will find the unsubscribe link at the end of each newsletter. The revocation leads to the deletion of the collected user data. Our newsletter is sent as part of processing on our behalf by MailChimp to whom we pass on your email address for this purpose.
Data Security
We undertake to protect your privacy and to treat your personal data confidentiality. In order to prevent manipulation or loss or misuse of your data stored with us, we take extensive technical and organizational security precautions which are regularly reviewed and adapted to technological progress. These include, among other things, the use of recognised encryption procedures (SSL or TLS).
However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions that are not in our area of responsibility. We have no technical influence on this. It is the user's responsibility to protect the data he or she provides against misuse by encrypting it or in any other way.
International transfers
We may transfer your Personal Data to other Companies, or Prospective Families and Partners in the relevant countries as chosen by you located both in Europe and outside the EU, including South Africa, China, Mexico, Colombia, Madagascar, Canada, Australia, and New Zealand, or with the relevant Au Pair as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.
How we may share your Personal Data
We may share your Personal Data with our Business Partners for the purposes described in this Privacy Policy, including (but not limited to) conducting the services you request (Host Family or Au Pair), or customizing our business to better meet your needs. We share your Personal Data only with Business Partners who agree to protect and use your Personal Data solely for the purposes specified by us.
We may also disclose your Personal Data for any purpose with your consent or for law enforcement, fraud prevention or other legal actions as required by law or regulation, or if we reasonably believe that we must protect us, our customers or other business interests. Except as described above of which you will be informed in advance, we will not disclose your Personal Data.
What we do not do
Privacy rights
Under the DPA and the GDPR, you can exercise the following rights:
If you have any questions about the nature of the Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.
Updating your information and withdrawing your consent
If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing or want to withdraw any consents you have given us, please contact us.
Access Request
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.
Complaint to a supervisory authority
The Commission Nationale pour le Protection des Données (“CNPD”) is the relevant data protection supervisory authority in Luxembourg. The CNPD is located at 15 Boulevard du Jazz, L-4370 Esch-sur-Alzette or online at www.cnpd.lu. We would, however, appreciate the chance to deal with your concerns before you approach the CNPD.
Validity
This Privacy Policy was last updated on Monday, 08th January 2024, and is the current and valid version. However, from time to time changes or a revision to this policy may be necessary. Please direct any questions you may have to info@ao-aupair.lu, call (+352) 691 504 380 or write to us at the above address.