As part of the Research Project “Power System Information Transparency for Households in Lëtzebuerg!” (LetzPower!2), personal data will be collected, processed, and analysed to achieve the scientific objectives of the Research Project.
Name, family name, email address, gender, age, nationality, household setting (e.g., family, single, couple, etc.), household size, highest degree, occupation, yearly gross income of household, tenure of housing, LetzPower application usage statistic, electric vehicle ownership, photovoltaic ownership, battery/charging station ownership, electric heating ownership, experience with dynamic retail tariffs, and electricity consumption profiles via the Smarty+ devices you own or provided proactively by you using a secure file sender solution (Restena Filesender).
We collect personal data directly from you via the LetzPower application and from third parties (electricity consumption profiles via the Smarty+ infrastructure – managed and controlled by Creos via the assistance of Nexxtlab). Creos is the Luxembourgish grid operator that provides and maintains the grid infrastructure by which you receive electricity. Nexxtlab takes the role of a subcontractor of Creos as they operate the Smarty+ device and associated data services. We will access your consumption data (upon your consent and activation of LetzPower! as a third-party service provider) via a secure data access service from Nexxtlab. As a fallback option, in case the Smarty+ infrastructure is experiencing downtime or is not available, we require you to provide your consumption profiles after the experiment through a secure transfer service called FileSender and Provided by Restena Foundation (https://www.restena.lu/en/service/filesender). We will instruct you accordingly via email and provide a step-by-step guide on how to provide us with the relevant data.
All necessary procedures and precautions will be taken to maintain the confidentiality of research participants.
We collect and use your data to address the research questions that the Research Project aims to tackle; this may involve writing dissertations or reports, storing and analysing the data, and publishing our research results.
Your data may also be important after this Research Project for other research on electricity consumption analysis. This includes energy research activities of the FINATRAX research group and the Energy Lab of the SnT (https://www.uni.lu/snt- en/facilities/energylab/). Please indicate in the consent form within the experiment registration form of the LetzPower! smartphone application, whether you agree to this.
Please note that, subject to your consent, we process your contact information in order to compensate your participation to the Research Project via the distribution of gift vouchers.
Your personal data relating to the Research Project will be processed in accordance with the General Data Protection Regulation (GDPR) and the Luxembourg Act of 1 August 2018 on Data Protection. The legal basis for the processing of your personal data in the context of the Research Project is laid down in Article 6 (1) a) GDPR:
The data subject has given consent to the processing of his or her personal data for one or more specific purposes. If you decide to participate the processing of your personal data necessary for conducting this research project, will be based on your consent. Moreover, the processing of your personal data for the purposes of the distribution of the gift voucher in order to compensate you for your contribution will be also based on your consent.
The research mission of the University is laid down in the Act of 27 June 2018 concerning the organisation of the University of Luxembourg.
Who is responsible for the processing of my personal data?
The data controller in respect of the processing of your data is the University of Luxembourg, a public institution for higher education and research, whose registered office is at 2 place de l’Université, L-4365 Esch-sur-Alzette, Luxembourg, acting for the the Interdisciplinary Center of Security, Reliability and Trust (SnT) and more specifically its Department of Digital Financial Services and Cross-Organisational Digital Transformations (FINATRAX).
If you have any requests concerning the processing of your personal data you can contact the University of Luxembourg’s Data Protection Officer by email at dpo@uni.lu, or by post at the following address:
UNIVERSITÉ DU LUXEMBOURG
Data Protection Officer Maison du Savoir
2, place de l’Université L-4365 Esch-sur-Alzette
Please note that Creos acts as processor of the University in the course of this Research Project with regards to providing the platform, with the assistance of NexxtLab, in order to make available the data collected via Smarty+ to the research team of the University. NexxtLab acts as subprocessor for this purpose.
Contact details:
Creos Luxembourg S.A., 105, rue de Strassen, L-2555 LUXEMBOURG Email: dpo@creos.net
Nexxtlab, 12 Av. du Swing, L-4367 Esch-sur-Alzette
How do we protect your personal data?
In order to protect the confidentiality of your data, you will only be identified by a code number (or pseudonym) in the data analysis and in any reports or publications that will be produced by the research team during and after this Research Project.
Please indicate in the consent form below whether you agree to this. If you prefer not to consent, you are totally free; however, you cannot take part in the Research Project as consumption profiles are part of scientific publications.
Please note that the potential use of FileSender of Restena as fallback option ensures end-to-end encryption of your data. This signifies that Restena will not have access to your data and to the encryption key.
SnT will use pseudonymized data to evaluate the treatment effects of the LetzPower! smartphone application.
Your identifiable data will be deleted latest by the 28th February 2026.
SnT will store the anonymized data for 10 years following the end of research project (meaning the first research publication).
The recipients of your personal data are:
Researchers at the University of Luxembourg which are involved in this Research Project and are conducting energy-related research in the FINATRAX research group or as part of the SnT’s Energy Lab.
The research project uses the Firebase authentication services that processes your email address and application password in the United States of America (USA). You can find more information at: https://firebase.google.com/docs/auth
Consequently, your data will be transferred outside the European Economic Area to third countries which may have a different data protection or privacy regime, and so may not always protect personal data to the same standard as within the European Economic Area. Nevertheless, in July 2023 the European Commission has adopted an adequacy decision for the EU-US Data Privacy Framework (DPF). This means that the EU considers the US to provide an adequate level of protection for personal data transferred to participating US companies. Firebase is a Google Services and Google has certified to adhere to the Data Privacy Framework principles as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from the EEA. Further information is provided here: https://firebase.google.com/support/privacy. In addition the University will take
appropriate measures to protect your personal data, such as encrypting your email address and application password as features proposed by Firebase.
You will have the right to access and rectify your personal data. In certain cases (in accordance with the conditions set out by the General Data Protection Regulation (Regulation (EU) 2016/679)), you will also have the right to object to the way in which your data is used, to request that your data be deleted, to ask to restrict certain aspects of the processing of your data and to retrieve your data to forward it to a third party (right to data portability). You also have the right to withdraw your consent to the use of your data at any time. This applies both to the use of your data in this Research Project and to its use in other research. But please note that if you withdraw your consent once the investigators have already collected data for research, they are still allowed to use this information.
If you wish to exercise your rights, you should contact the principal investigator or his/her designated representative. He/she will liaise with the University of Luxembourg’s Data Protection Officer to handle your request. You can also contact the Data Protection Officer by email at dpo@uni.lu (the DPO will liaise with the PI of the Research Project to handle your request) or by post at the following address:
UNIVERSITÉ DU LUXEMBOURG
Data Protection Officer Maison du Savoir
2, place de l’Université L-4365 Esch-sur-Alzette
You also have the right to lodge a complaint with the Luxembourg National Commission for Data Protection (CNPD) regarding the processing of your personal data. Further information is provided at http://www.cnpd.lu. You can also use the CNPD contact form at https://cnpd.public.lu/fr/support/contact.html.