| Last updated | 13/04/2026 |
| Commitment of Sudstroum | Respecting everyone’s privacy is the objective of Sudstroum S.àr.l & Co S.e.c.s. We are committed to protecting and processing your personal data in strict compliance with European Regulation 2016/6791. |
| Scope and target audience | This privacy statement applies to all PII you provide when contacting a Sudstroum representative or when using any of the applications developed by Sudstroum and accessible through the www.sudstroum.lu website. |
| Responsible for processing your data | Sudstroum S.àr.l & Co S.e.c.s. 11, rue de Luxembourg L-4220 Esch-sur-Alzette |
| DPO contact | In order to ensure compliance, Sudstroum S.àr.l & Co S.e.c.s has appointed a Data Protection Officer (DPO) who can be contacted at the following e-mail address for any questions regarding the security of your data: dpo@sudstroum.lu. |
| Modifications | Sudstroum may change this privacy statement by posting an updated version on our website. |
Sudstroum attributes great importance to the protection of personal data and the respect of privacy. This is confirmed by the implementation of a data protection policy specific to Sudstroum.
Sudstroum’s approach as a company is based on six principles:
In the context of the execution of its tasks in the public interest, Sudstroum processes and uses your personal data in accordance with the legal provisions, namely:
The collection and processing of your PII is limited to the following purposes:
The data may also be used for statistical, research and archiving purposes in accordance with applicable legislation.
This concerns all customers of Sudstroum S.àr.l & Co S.e.c.s as electricity consumers, meter tenants or users of telecommunications, internet and television services.
Concerning the persons mentioned in point 3.3, data are collected from
We do not use automated decision-making, including profiling, within the meaning of applicable data protection laws.
As part of our recruitment process, we may consult publicly available information about you on professional networking platforms (such as LinkedIn) to assess your application.
‘PII’ means information that identifies you or makes you identifiable. This may include in particular, but is not limited to:
We process PII only when we have a valid legal basis to do so under applicable data protection laws.
Depending on the context, we rely on one or more of the following legal bases:
We process PII where it is necessary to perform a contract with you or to take steps at your request prior to entering into a contract.
This includes, for example, managing our relationship with you, providing our services, and handling billing and administration.
We process PII on behalf of our B2B customer according to the rules set up in a contract and under the strict supervision the customer acting as PII controller.
We process PII where necessary to comply with legal or regulatory obligations to which we are subject. This includes, for example, accounting, tax, and reporting requirements.
We process PII where it is necessary for legitimate interests, provided that these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests may include:
We sometimes process PII based on your consent, e.g. if the web site visitors accept cookies, or if we provide PII of consultants to a potential customer for evaluation of skill and trustworthiness.
You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Your personal data is kept for the time necessary to achieve the above-mentioned purposes.
These periods may, however, be increased by the need to apply statutory limitation periods. The retention periods have been defined in the record of processing activities and can be consulted on the premises of SM.
Alternately a concise table from record of processing is Table 1: Retention time from record of processing activities. The customers’ data are retained during all the period of services with SM. For any question about the time retention of your PII, you can contact our DPO.
Depending on the purpose or provisions of the archiving laws, the retention period could be extended. Indeed, some images are kept and used for historical purposes.
In anonymised form, your personal data may be used for statistical purposes beyond the above-mentioned retention period.
| Type of data | Retention time | Deletion time after request |
| Phone number, email, address for emergency service | 15 years | Depends on request |
| Matricule for customer management | 10 years after the end of the contract | Immediate deletion is feasible for online data, but deleting paper records is not economically justifiable. |
| Electric consumption per day | 15 years | 1 month |
| Invoicing information | 10 years after the end of the contract | 1 month |
| Recording of client service | cf. Eltrona | 1 month |
| Information for technical service | 5 years | 1 month |
Table 1: Retention time from record of processing activities for management of customer data
We share data with your electricity supplier or electricity network operator if you have chosen a company other than Sudstroum.
We also share your data with the LENEDA project, operated by CREOS under the responsibility of the regulator ILR, as this is a legal requirement. For further information, please contact the ILR.
As a general rule, we do not share your personal data outside Sudstroum, unless required by law. However, we may use carefully selected and monitored data processors to assist with the processing of your data, all of whom are obliged to delete your data at our request. If you would like a list of these data processors, please contact our DPO (see section 3.10).
Anonymised versions of your data may also be shared with private or public emergency services (in the event of a breakdown).es à caractère personnel sont-elles transférées vers des pays tiers (hors UE et pays partenaires) ?
We do not transfer any of your personal data to servers outside the European Union and use subcontractors who agree to store your data within the European Union. If we change our policy, we will do so in accordance with data protection laws, and you will be informed.
We aim to keep your personal data as secure as possible and only for as long as is necessary for the purposes for which it is processed. In this respect, we take appropriate physical, technical and organisational measures to prevent the modification or loss of your data as far as possible and appropriate.
When Sudstroum works with other companies, the selection of these companies is made only after a thorough selection process. During this selection process, each individual service provider is carefully assessed for its technical and organisational data protection competence.
Access to your personal data is restricted to prevent unauthorised access, modification or misuse and is only permitted to our agents who need the data for their work.
The legal rules on the protection of PII, in particular the rights of the data subjects concerned by the processing operations carried out are applicable under the relevant conditions and subject to the exceptions and derogations provided for.
For questions relating to the processing of your data or in order to exercise your rights, you may contact the Data Protection Officer of Sudstroum,
Sudstroum S.àr.l & Co S.e.c.s. Data Protection Officer
11, rue de Luxembourg L-4220 Esch-sur-Alzette
while enclosing with your application a legible and valid copy of your identity document and, if applicable, that of the person for whom you are the legal representative.
If you have any questions, you can also contact the person who carried out the data processing directly.
You have the right to:
In the event of a request for deletion of your data, Sudstroum will check that there are no other purposes or rights of another data subject that would oblige it to keep them. In this case, the decision should be notified.
If you request a copy of your file, Sudstroum will analyse it in order to delete any information on other persons.
If you believe that your personal data have not been processed in accordance with the law, you have the right to contact the CNPD (www.cnpd.lu) or to lodge a complaint with them.