Privacy Policy
How LEGTECH collects, uses, and protects your personal data. Last updated: April 2025.
1. Data Controller
LEGTECH sàrl
29 Boulevard de la Grande-Duchesse Charlotte
L-1331 Luxembourg
RCS: B279705 | VAT: LU35256940
Email: privacy@legtech.lu
LEGTECH sàrl ("LEGTECH", "we", "us") is the data controller responsible for the processing of your personal data when you use our website dev.legtech.lu and our services.
2. Data We Collect
We collect the following categories of personal data:
2.1 Data you provide directly
- Contact form submissions — name, email address, subject, and message content
- Business inquiries — company name, role, and project details you share with us
2.2 Data collected automatically
- Technical data — IP address, browser type, operating system, referring URL
- Usage data — pages visited, timestamps, session duration
- Cookie data — theme preferences, GDPR consent status (see Section 4)
2.3 Data we do NOT collect
We do not collect financial data, health data, biometric data, or any special category data as defined under GDPR Article 9. We do not use tracking pixels from third-party advertising networks.
3. Purpose & Legal Basis
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Responding to contact inquiries | Name, email, message | Art. 6(1)(b) — Pre-contractual measures |
| Website functionality & preferences | Theme cookie, consent cookie | Art. 6(1)(a) — Consent |
| Website security & abuse prevention | IP address, user agent | Art. 6(1)(f) — Legitimate interest |
| Analytics (page visit tracking) | Page URL, IP, timestamp | Art. 6(1)(a) — Consent |
5. Data Retention
- Contact form data — retained for 24 months after the last communication, then deleted
- Page visit logs — retained for 12 months, then automatically purged
- GDPR consent records — retained for 36 months as proof of consent (legal obligation)
- Cookies — expire as described in Section 4 above
6. Your Rights Under GDPR
As a data subject, you have the following rights under the General Data Protection Regulation:
Right of Access
Request a copy of all personal data we hold about you (Art. 15)
Right to Rectification
Request correction of inaccurate personal data (Art. 16)
Right to Erasure
Request deletion of your personal data ("right to be forgotten") (Art. 17)
Right to Restrict Processing
Request limitation of processing in certain circumstances (Art. 18)
Right to Data Portability
Receive your data in a structured, machine-readable format (Art. 20)
Right to Object
Object to processing based on legitimate interests (Art. 21)
Right to Withdraw Consent
Withdraw consent at any time without affecting prior processing (Art. 7(3))
Right to Lodge a Complaint
File a complaint with the CNPD — Luxembourg's supervisory authority (Art. 77)
To exercise any of these rights, contact us at privacy@legtech.lu. We will respond within 30 days.
8. Security Measures
As a cybersecurity company, we implement industry-leading measures to protect your data:
- TLS/SSL encryption for all data in transit
- Encrypted database storage
- Regular security audits and vulnerability assessments
- Access controls and principle of least privilege
- Server infrastructure located in Luxembourg
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. For significant changes, we will provide a prominent notice on our website.
10. Contact & Data Protection Officer
For any privacy-related questions or requests:
Data Protection Officer
LEGTECH sàrl
29 Boulevard de la Grande-Duchesse Charlotte
L-1331 Luxembourg
Email: privacy@legtech.lu
Supervisory Authority
Commission Nationale pour la Protection des Données (CNPD)
15, Boulevard du Jazz
L-4370 Belvaux, Luxembourg
Website: cnpd.public.lu