Logo
frptdeen

Privacy Policy

Last updated: 2026-05-28 23:29:59

Introduction

This Privacy Policy describes how FORMA ("we", "the Controller") collects, uses, stores and protects personal data in accordance with Regulation (EU) 2016/679 (GDPR), Luxembourg law of 1 August 2018, and applicable ePrivacy rules.

1. Data controller

Legal name: FORMA. Luxembourg RCS: B123456. VAT number: LU12345678. Registered address: 14 rue de la Gare, L-1616 Luxembourg. Email: contact@forma.lu. Phone: +352 621 000 000.

2. Data collected

We process identity data (name, email, phone), project data (description, commune, technical attachments), connection data (IP, logs, cookies subject to consent), and session metadata (secure resume tokens).

3. Purposes and legal bases

Contract/pre-contractual steps (Art. 6(1)(b) GDPR): technical qualification, quotes, appointment scheduling. Legitimate interest (Art. 6(1)(f)): platform security and fraud prevention. Consent (Art. 6(1)(a)): analytics/marketing cookies where required. Legal obligation (Art. 6(1)(c)): accounting and tax retention.

4. Hosting and processors

Data is hosted on Cloudflare infrastructure (EU/appropriate safeguards). Technical subprocessors (email, calendar, CRM) are bound by GDPR Article 28 data processing agreements.

5. Retention periods

Lead data: duration of the commercial relationship plus 5 years. Technical logs: 12 months. Cookies: as stated in the consent banner.

6. Your rights

You may exercise access, rectification, erasure, restriction, objection, portability and withdrawal of consent by contacting contact@forma.lu. You may lodge a complaint with the CNPD (Luxembourg): cnpd.public.lu.

7. Transfers outside the EEA

Where transfers occur outside the European Economic Area, we rely on Standard Contractual Clauses or an adequacy decision recognised by the European Commission.

8. Security measures

Organisational and technical measures include TLS encryption, multi-tenant isolation, access controls and logging of sensitive operations.