Confidentiality Policy

3. Data Protection Officer (DPO)

SNCT has appointed a Data Protection Officer (DPO) in accordance with Article 37 of the GDPR.

DPO Contact Details:
Mr. Fabrice Peter
E-mail: dpo@snct.lu

4. Purposes and Legal Bases of Processing

The personal data collected by SNCT are processed for the following purposes:

• Management of appointments and customer relations
  
• Performance of technical inspections and issuance of the corresponding certificates
  
• Invoicing, administrative follow-up, and legal obligations
  
• Management of complaints, incidents, and disputes
  
• Improvement of services and internal statistics

The processing operations are based on the following legal grounds:

• Compliance with a legal obligation
  
• Performance of a contract or pre-contractual measures
  
• Legitimate interests of SNCT (security, quality, traceability)

5. Categories of Data Processed

The following data may be collected:

• Identification data (name, first name, contact details)
• Contact data (address, e-mail, phone number)
• Vehicle data (registration number, chassis number, technical characteristics, inspection history)
• Connection data (IP address, online appointment logs)
  Billing and payment data

6. Data Recipients

Personal data are accessible only to authorised employees and service providers of SNCT, within the limits of their duties and in compliance with confidentiality rules. Data may be transferred to technical processors or institutional partners under contractual agreements in accordance with Article 28 of the GDPR.

7. Data Retention Period

Personal data are kept for as long as necessary to fulfil the defined purposes, then archived in anonymised form or permanently deleted in accordance with applicable legal and regulatory requirements.
Anonymisation allows the retention of statistical or traceability information without identifying the individuals concerned.
The specific retention periods are defined in SNCT’s internal record of processing activities.

8. Data Transfers Outside the EU

Data are stored within the European Union. No transfer to a third country takes place without appropriate safeguards in accordance with Articles 44 to 49 of the GDPR.

9. Security Measures

SNCT implements appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data (access controls, encryption, backups, access traceability, staff awareness).

10. Rights of Data Subjects

In accordance with the GDPR, every data subject has the following rights:

• Right of access, rectification, and erasure
• Right to restriction of processing and objection
• Right to data portability
• Right to withdraw consent at any time (where applicable)
• Right to lodge a complaint with the CNPD (www.cnpd.lu)

11. Procedure for Exercising Rights

To exercise their rights, any person may send a written request together with an identity document to:
SNCT – Data Protection Officer (DPO)
E-mail: dpo@snct.lu
or by post to the company’s registered address.

12. Review and Publication

This policy is regularly reviewed to ensure its continued compliance with legislation and SNCT’s internal practices.
The current version is published on the official website and available upon request.