Zentrum fir Urban Gerechtegkeet

Center for Urban Justice

GeLATO Privacy Policy

Privacy Policy for GeLATO (zug.lu)
Last updated: April 14 2025

GeLATO is a tool that helps users generate FOIA (Freedom of Information) requests in compliance with Luxembourgโ€™s transparency law. We respect your privacy and take data protection seriously. This privacy policy explains what data we collect, how we use it, and your rights under the GDPR.

1. Who We Are

GeLATO is operated by Zentrum fir Urban Gerechtegkeet a.s.b.l., hosted on servers in Germany (Hetzner), and managed under EU data protection regulations. You can contact us anytime atย info@zug.lu.

2. What Data We Process

a) Automatically Collected (Legitimate Interest):

  • IP address
  • Browser/user agent (for technical access logging)
  • Session cookies
  • Matomo analytics data (aggregated, anonymized)

Retention:

  • Access logs are deleted after 30 days.

b) User-Provided (Consent):
When using the tool to generate a FOIA request, we temporarily process:

  • The public administration selected
  • The content of the request
  • The preferred delivery method (e.g., email or mail)

If you choose to download a PDF, we temporarily store:

  • The selected administration
  • The anonymized content of the FOIA request (no PII unless voluntarily included in the request text)

If you opt in to follow-up, we may store:

  • Your name, email address, and mailing address
  • The content of your request (linked anonymously after 1 year)

3. Data Storage and Retention

  • Personally identifiable data (e.g., email address, name) is stored only with your explicit consent and deleted afterย 1 year.
  • Request data (without personal identifiers) may be stored for up toย 5 yearsย for research and statistical purposes.
  • PDF files areย neverย stored on our servers.

4. Use of Data

We use the data for the following purposes:

  • To process and generate your FOIA request
  • To allow LLM-based request improvement via Mistral (hosted in the EU, data not used for training)
  • To optionally follow up with you, if consented
  • To improve the tool and provide usage statistics (aggregated and anonymized via Matomo)
  • To support research and transparency journalism, with anonymized data only

We do not share your personal data with any third parties.

5. Your Rights Under GDPR

You have the right to:

  • Access your data
  • Request correction or deletion
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

To exercise your rights, email us at info@zug.lu.

6. Security Measures

We use HTTPS to encrypt all data in transit. Our servers are hosted in Germany, protected with industry-standard encryption, and access is strictly controlled.

7. Changes

We may update this policy occasionally. Any changes will be published here with an updated date.

ZUG needs your support to pay legal fees helping us to access the "hidden documents" from VDL

Support us!
X