Privacy policy

We only collect the information you provide to us directly, such as your email address and phone number if you choose to share them through a contact form or incident report. Your IP address is automatically logged for system administration purposes, including security auditing. We do not collect any other personal information unless you explicitly choose to share it with us.

Using the Anonymous Reporting Form.

The anonymous reporting form allows you to report incidents without providing personal information. You can choose to provide an email address or phone number if you wish to be contacted regarding your request. Your IP address is automatically recorded for system administration purposes when accessing this service. If you do not use the reporting form, we will not store any information about you except your access to our website in web server logs for security auditing.

• Handling Requests: The personal data you submit through our website will be handled by GOVCERT security analysts to assist you with your request. Your data will not be shared with any third parties without your explicit permission.
• Statistical Analysis: Your IP address is stored temporarily for statistical purposes related to incident reporting and system usage analysis. This data helps us understand user traffic patterns and improve our services.
• Notification Purposes: If you provide an email address or phone number, we may use it to notify you about the status of your request or incident report.

How We Share Your Information.

We will not share your uploaded information with any third party without your explicit consent. However, in exceptional circumstances, we may consider sharing anonymized metadata related to potential incidents with partners (e.g., national and international Computer Security Incident Response Teams - CSIRTs). This information may include:

• Type of threat
• URLs, domains, and IP addresses associated with the potential incident
• Other relevant information

How We Store Your Data.

We will retain your personal data for as long as necessary to fulfill your request or comply with legal obligations. Non-personal information such as file metadata and analysis results are kept permanently.

How We Protect Your Information.

GOVCERT.LU prioritizes data security by using encryption for all communication channels. While we take every precaution to protect your information, it’s important to understand that no internet transmission or electronic storage method can be 100% secure. We remain committed to implementing the strongest possible measures to safeguard your data.

You have the following rights regarding your personal data:

• Access: You can request access to the personal data we hold about you.
• Rectification: You can request that we correct any inaccurate personal data we hold about you.
• Erasure (“Right to be forgotten”): You can request that we delete your personal data under certain circumstances.
• Restriction of processing: You can request that we restrict the processing of your personal data under certain circumstances.
• Object to processing: You can object to the processing of your personal data based on legitimate interests or direct marketing.
• Data portability: You can receive a copy of your personal data in a structured, commonly used, and machine-readable format.
• Withdrawal of consent: You can withdraw your consent for the processing of your personal data at any time.

To exercise these rights, please contact our Data Protection Officer (DPO) at dpo@govcert.etat.lu. You also have the right to lodge a complaint with the supervisory authority (Commission Nationale pour la Protection des Données).

Contact Us.

If you have any questions about this privacy policy or our data practices, please contact our DPO at dpo@govcert.etat.lu.