top of page
Key In Door

Privacy Policy

Trust is the foundation of HALTO –

and that includes handling your data with care.
In this privacy policy, we explain in a clear and accessible way which personal data we process, why we do so,

and how we protect your information.

Privacy Policy of HALTO a.s.b.l.

 

1. Data Controller

The organisation responsible for processing your personal data is:
HALTO a.s.b.l.
Email: info@halto.lu

 

2. What is this policy about?

In this Privacy Policy, we explain:

  • which personal data we process

  • the purposes for which we process it

  • the legal basis for doing so

  • and your rights in relation to your data

“We” refers to HALTO a.s.b.l.
“You” refers to all individuals whose data we process, for example:

  • people interested in HALTO or contacting us

  • members and founding members

  • volunteers / companions

  • participants in meetings, activities and events

  • individuals receiving our newsletter or other information

 

3. What data do we process?

Depending on the situation, we process the following categories of personal data:

3.1 General contact details

  • First name and surname

  • Postal address

  • Email address

  • Telephone number

3.2 Association and organisational data

  • Membership information (e.g. joining date, status, involvement)

  • Information about your role (e.g. volunteer, caregiver, professional)

  • Participation in meetings, activities and events

  • Communication records (e.g. emails, contact form enquiries)

3.3 Sensitive data (special categories of personal data)

In some cases, individuals voluntarily share information that requires particular protection, such as:

  • information about health or disability

  • details regarding support needs in daily life

  • information about family situations related to care

We kindly ask you to share only such sensitive information as is strictly necessary.
If you provide such data, we treat it with particular care.

 

4. For what purposes do we process your data?

We process your data for the following purposes:

  1. Contact and responding to enquiries

    • when you contact us via email, telephone or forms

  2. Organisation of association activities

    • managing members and founding members

    • invitations to general assemblies and internal meetings

    • minutes and internal documentation in line with our statutes

  3. Planning and delivery of activities

    • organising CareMeet, CareShare, CareBreak or CareSupport activities

    • planning events, meetings, discussion groups or information sessions

    • managing registrations and participation

  4. Communication and information

    • sending updates about HALTO (e.g. invitations, news, newsletters – where requested)

    • responding to questions and maintaining communication

  5. Security, organisation and traceability

    • maintaining internal lists and records (e.g. participation tracking)

    • protecting our systems and your data (e.g. access control and permissions)

 

5. On what legal basis do we process your data?

Depending on the situation, we rely on the following legal bases under the GDPR:

  1. Contract or association-related relationship (Art. 6(1)(b) GDPR)

    • if you are or wish to become a member

    • if you collaborate with us as a volunteer

    • if you register for an activity we organise

  2. Legitimate interests (Art. 6(1)(f) GDPR)

    • for the internal organisation of the association

    • for secure communication and appropriate documentation

    • provided your interests or fundamental rights do not override these

  3. Consent (Art. 6(1)(a) GDPR)

    • for example, if you wish to receive our newsletter

    • if you voluntarily provide sensitive information not strictly required

You may withdraw your consent at any time with effect for the future (see “Your rights”).

  1. Special categories of personal data (Art. 9 GDPR)

    • sensitive data (e.g. relating to health or disability) are processed only if

      • you provide them voluntarily, and

      • they are necessary or helpful for the specific support or organisation
        (Art. 9(2)(a) GDPR – consent).

 

6. Who has access to your data?

6.1 Within HALTO

Within the association, only those individuals who require access for their role will process your data, for example:

  • board members or coordination team members

  • individuals organising specific activities (e.g. CareMeet, CareShare)

  • trusted persons, if you explicitly reach out to them

Access is always limited to what is necessary.

6.2 Service providers (data processors)

We use external service providers where necessary, such as:

  • email and website hosting

  • cloud or document storage solutions

  • tools for scheduling or online meetings

Where required, we conclude data processing agreements with these providers in accordance with Art. 28 GDPR.

  • Website hosting: WIX

6.3 No data sharing for marketing purposes

We do not sell your data and do not share it with third parties for marketing purposes.

 

7. Are data transferred to third countries?

We generally aim to store and process data in Luxembourg or within the European Union.

If, in individual cases, data are transferred outside the EU/EEA, we ensure that:

  • an adequacy decision by the European Commission is in place, or

  • appropriate safeguards exist (e.g. standard contractual clauses),

and we will inform you accordingly.

 

8. How long do we store your data?

We retain personal data only as long as necessary for the relevant purposes, and longer only where required by law.

Typical retention periods:

  • Membership data: for the duration of membership and applicable legal retention periods

  • Event/activity data: as long as needed for documentation, accounting or traceability, then deleted or anonymised

  • Newsletter distribution lists: until you unsubscribe or we discontinue the service

  • Contact enquiries: until fully resolved, plus a reasonable follow-up period

If you request deletion and no legal obligations prevent it, we will delete your data earlier (see “Your rights”).

 

9. Your rights as a data subject

Under the GDPR, you have the following rights:

  1. Right of access

  2. Right to rectification

  3. Right to erasure (“right to be forgotten”)

  4. Right to restriction of processing

  5. Right to data portability

  6. Right to object

  7. Right to withdraw consent

To exercise your rights, you can contact us at any time:
HALTO a.s.b.l.
Email: info@halto.lu
Postal address: Commune d’Useldange

 

10. Right to lodge a complaint

If you believe your data are processed in violation of the GDPR, you have the right to lodge a complaint with the supervisory authority:

Commission nationale pour la protection des données (CNPD)
15, Boulevard du Jazz
L-4370 Belvaux
Email: info@cnpd.lu
Website: cnpd.public.lu

 

11. Is providing data mandatory?

For membership, participation in activities or specific support, certain data are required (e.g. name, contact details).

Without these, we may not be able to provide the service.
Providing additional information, especially sensitive data, is generally voluntary.

 

12. Data security

We implement technical and organisational measures to protect your data, including:

  • access controls and permission management

  • secure passwords and, where possible, two-factor authentication

  • regular system updates

  • awareness and training regarding confidentiality

Please note that no internet transmission is completely secure. We do our best to minimise risks and handle your data responsibly.

 

13. Changes to this Privacy Policy

This Privacy Policy may be updated to reflect changes in our services, legal requirements or technical processes.

The latest version is available at:
www.halto.lu/datenschutz

 

Version date: January 2026

bottom of page