Ochrana údajov – GDPR

This policy describes how MIP-IT SARL, publisher of the LesAvis website (hereinafter « we »), collects, uses and protects your personal data under Regulation (EU) 2016/679 of 27 April 2016 (« GDPR ») and the Luxembourgian Law of 1 August 2018 on the protection of natural persons with regard to the processing of personal data.

1. Data controller

MIP-IT SARL

68, Hauptstrooss
L-9753 Heinerscheid
Grand Duchy of Luxembourg

Phone : +352 26 95 71 23

VAT : LU24434338

RCS : B157744

Business permit : 10010728/0

For any data protection enquiry, please contact us via the site's contact form or by postal mail to the address above, specifying « Personal data » in the subject.

2. Data collected

We strictly collect the data necessary for the purposes described below :

  • User account : pseudonym/first name, e-mail address, hashed password, profile picture (optional).
  • Account via third-party provider (Google, Facebook, Apple) : the unique identifier provided by the service, public name and e-mail address where applicable.
  • Published reviews : text content, rating, experience date, order reference (optional), language of publication.
  • Technical data : IP address, session identifier, browser type, pages visited (for security and fraud prevention).
  • Cookies : see the dedicated section below.
  • Communications : content of messages sent via the contact form.

3. Purposes and legal basis

  • Providing the service (publishing and displaying reviews, managing accounts) : performance of the contract (art. 6 §1 b GDPR).
  • Company ownership verification : performance of the contract with the company.
  • Fighting abuse, fake reviews and spam : legitimate interest (art. 6 §1 f GDPR).
  • Anonymised usage statistics : legitimate interest.
  • Service communications (review confirmation, notifications) : performance of the contract.
  • Non strictly necessary cookies : consent (art. 6 §1 a GDPR), revocable at any time.

4. Retention period

  • User account : as long as the account is active. Deletion on request.
  • Published reviews : kept as long as relevant to other users. The author's name is removed when the account is deleted (reviews anonymised).
  • Technical data (logs) : 12 months maximum.
  • Contact data : 24 months after the last exchange.
  • Accounting/tax data : 10 years (Luxembourgian legal obligation).

5. Recipients of your data

Your data is never sold. It may be shared with :

  • Our technical processors (hosting, e-mail delivery, site preview) bound by an art. 28 GDPR-compliant contract ;
  • The authentication providers you choose (Google, Facebook, Apple) when signing in via those services ;
  • The competent authorities in case of legal request.

6. Transfers outside the European Union

Your data is stored and processed within the European Union. Should a processor need to transfer it outside the EU, the transfer would be governed by the European Commission's standard contractual clauses or by an adequacy decision.

7. Your rights

Under articles 15 to 22 of the GDPR, you have the following rights :

  • Right of access : obtain confirmation that data concerning you is being processed and receive a copy of it.
  • Right of rectification : have inaccurate or incomplete data corrected.
  • Right to erasure (« right to be forgotten ») : request deletion of your data, subject to legal retention obligations.
  • Right to restriction : request suspension of processing while a check is carried out.
  • Right to portability : receive your data in a structured, machine-readable format.
  • Right to object : object to processing based on a legitimate interest.
  • Right to withdraw consent at any time, without affecting the lawfulness of prior processing.
  • Right to give directives regarding the fate of your data after your death.

To exercise these rights, contact us via the site's contact form or by postal mail. A reply will be provided within a maximum of one month.

8. Cookies

We use the following types of cookies :

  • Strictly necessary cookies : user session, CSRF protection, language preference. No consent required.
  • Preference cookies : remember your interface choices. Subject to your consent.
  • Audience measurement cookies (where enabled) : anonymised visit counting. Subject to your consent.

You can at any time configure or delete cookies via your browser settings.

9. Security

We implement appropriate technical and organisational measures to protect your data against loss, disclosure, unauthorised access or destruction : TLS encryption of exchanges, password hashing, access control, regular backups.

10. Minors

The service is not intended for persons under the age of 16. If we are notified of an account belonging to a minor, we will delete it.

11. Complaint to the supervisory authority

If, after contacting us, you consider that your rights are not respected, you may lodge a complaint with the National Commission for Data Protection (CNPD) :

Commission nationale pour la protection des données

15, boulevard du Jazz
L-4370 Belvaux
Grand Duchy of Luxembourg

Official site : cnpd.public.lu

12. Policy updates

We may update this policy to reflect regulatory changes or changes to the service. The last update date is indicated below.

Last update : 19 May 2026