Privacy Policy
Last updated: 28 April 2026. This policy explains how Lithsecure collects, uses, and protects personal data in connection with this website, in accordance with Regulation (EU) 2016/679 (GDPR) and Luxembourg Law of 1 August 2018 on the organisation of the National Commission for Data Protection.
1. Data Controller
The data controller responsible for personal data processed in connection with this website is:
Lithsecure
[USER FILLS IN: registered address]
Luxembourg
Email: bvanlith@lithsecure.lu
Telephone: +352 691 677 680
Lithsecure has not appointed a Data Protection Officer (DPO), as it does not meet the thresholds for mandatory DPO appointment under Article 37 GDPR. All data protection queries should be directed to the email address above.
2. What Personal Data We Process
2.1 Server access logs
When you visit this website, your browser automatically transmits certain technical information to our hosting provider (OVH SAS, France). This includes:
- Your IP address
- The URL of the page requested
- The date and time of the request
- Your browser type and version
- The referring URL (the page you came from, if any)
- The HTTP status code returned
This data is recorded automatically in OVH's server logs. Lithsecure does not routinely access these logs. We may access them in the event of a technical problem, a security incident, or where required by law. We do not process this data to identify individual visitors, and we do not combine it with any other data source.
2.2 Email communications
If you contact us by email (including via the mailto links on this website), we will receive and store your message along with any personal data you include in it. This typically includes your name, email address, the name of your organisation, and the contents of your enquiry.
We use this data solely to respond to your enquiry and, where relevant, to deliver the service you have requested. We do not add you to any mailing list, share your data with third parties for marketing purposes, or use it for any purpose other than responding to you and fulfilling any subsequent engagement.
2.3 No cookies, analytics, or tracking
This website does not use cookies of any kind. We do not use analytics platforms (such as Google Analytics), social media tracking pixels, advertising networks, session recording tools, or any other third-party tracking technology. No data is shared with third parties for advertising or profiling purposes.
Because we use no cookies, we are not required to display a cookie consent banner. There is nothing to consent to or opt out of.
3. Legal Bases for Processing
We process personal data only where we have a valid legal basis under GDPR Article 6:
- Server logs: Processed by OVH SAS under their own terms as a data processor. Lithsecure's access to these logs (when it occurs) is based on legitimate interest (Article 6(1)(f) GDPR) — specifically, the interest in maintaining the technical security and availability of this website.
- Email communications: Processed on the basis of legitimate interest (Article 6(1)(f) GDPR) — specifically, the mutual interest of responding to business enquiries. Where an email leads to a client engagement, further processing is on the basis of performance of a contract (Article 6(1)(b) GDPR).
We do not process any special categories of personal data (Article 9 GDPR), nor data relating to criminal convictions or offences (Article 10 GDPR).
4. Data Retention
We retain personal data only for as long as necessary for the purposes described above, or as required by applicable law.
- Server logs: Retained by OVH SAS in accordance with their data retention policy (typically 12 months). Lithsecure does not retain copies of server logs independently.
- Email enquiries (no engagement): Retained for 24 months from the date of the last communication, then deleted.
- Email correspondence relating to a client engagement: Retained for 7 years from the end of the engagement, in accordance with Luxembourg commercial law (Code de commerce, Article 16). After this period, correspondence is securely deleted.
You may request deletion of your personal data at any time by contacting us at bvanlith@lithsecure.lu. We will delete your data unless we are required by law to retain it for a longer period.
5. Third-Party Data Processors
Lithsecure uses the following third-party data processors in connection with the operation of this website:
| Processor | Country | Purpose | Safeguards |
|---|---|---|---|
| OVH SAS | France (EU) | Website hosting and server logs | EU-based processing; OVH GDPR DPA |
We do not share personal data with any other third parties, except where required to do so by law or legal process.
6. International Data Transfers
All personal data processed in connection with this website is stored within the European Economic Area (EEA). OVH SAS processes server log data in France, which is an EU member state. No personal data is transferred to countries outside the EEA.
7. Data Security
We take reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. This website is served exclusively over HTTPS (TLS encryption). Email communications are transmitted using standard email security protocols.
As a cybersecurity consultancy, we apply the same security standards to our own data handling that we recommend to our clients, including access controls, secure password management, and regular review of our data handling practices.
8. Your Rights Under GDPR
As a data subject, you have the following rights under GDPR, exercisable at no charge:
- Right of access (Article 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Article 16): You may request correction of inaccurate personal data.
- Right to erasure (Article 17): You may request deletion of your personal data, subject to our legal retention obligations.
- Right to restriction of processing (Article 18): In certain circumstances, you may request that we restrict how we process your data.
- Right to data portability (Article 20): Where processing is based on your consent or a contract, you may request your data in a structured, machine-readable format.
- Right to object (Article 21): You may object to processing based on legitimate interest. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
- Rights related to automated decision-making (Article 22): We do not carry out automated decision-making or profiling.
To exercise any of these rights, contact us at bvanlith@lithsecure.lu. We will respond within 30 days. In complex cases, we may extend this period by a further two months, in which case we will inform you of the extension and the reason for it.
We may ask you to verify your identity before fulfilling a request, to protect your personal data from unauthorised disclosure.
9. Supervisory Authority
You have the right to lodge a complaint with the Luxembourg supervisory authority if you believe we have not handled your personal data correctly:
Commission nationale pour la protection des données (CNPD)
15, Boulevard du Jazz
L-4370 Belvaux
Luxembourg
Tel: +352 26 10 60 1
cnpd.public.lu
You may also lodge a complaint with the supervisory authority of your country of residence or place of work if it is within the EU/EEA. However, we would appreciate the opportunity to address any concerns directly before you contact a supervisory authority — please reach out to us first.
10. Changes to This Policy
We may update this privacy policy when our data practices change, or when required to do so by changes in applicable law. When we make material changes, we will update the date at the top of this page. We encourage you to review this policy periodically.
If you have any questions about this privacy policy or our data practices, please contact us at bvanlith@lithsecure.lu.