EHVA is a collaborative project involving several research laboratories from all over the world, each of whom is committed to protecting and respecting your privacy.
This Policy (together with the Legal notice and any other documents referred to in it) sets out the basis on which any personal data collected from you, or provided by you, will be processed. Please read the following carefully to understand our practices regarding your personal data and how it will be treated. By visiting http://www.ehv-a.eu/index.php (the “site”) you are accepting and consenting to the practices described in this Policy.
Inserm Transfert is currently acting as the manager for the site infrastructure, but each partner of the EHVA contribute to the content and information disclose on the site.
Any subsequent reference to Inserm Transfert in these terms shall include the EHVA partners from time to time involved in the project. However, unless expressly provided otherwise, the liability of EHVA partners in connection with EHVA or the site shall be several and extend only to any loss or damage arising out of their own acts and omissions.
http://www.ehv-a.eu/index.php and any subdomains therein (“This site”) are operated by Inserm Transfert and represented by the project manager on behalf of the coordinator of the project namely Yves Lévy.
Inserm Transfert is the “data controller" for the information that you provide to us when visiting the EHVA website. This means that we decide how to use it and are responsible for looking after it in accordance with the GDPR.
Inserm Transfert undertakes to process all data transmitted or collected in a manner that complies with the applicable “Regulations”.
The processing of personal data is an organized set of operations carried out on personal data (collection, structuring, preservation, modification, communication ...).
Personal data is information that identifies a human being (natural person), directly (ie: name / surname), or indirectly (e.g. phone number, email address). The data subject is the person who can be identified by the data used in the processing of personal data.
The data controller is the person who decides how the processing of personal data will be implemented, including determining what the data will be used for and what tools will be used to process it.
The subcontractor is the one who performs data operations on behalf of the data controller to sign a contract with the controller that entrusts certain tasks and ensures that it has the technical and organizational guarantees, allowing it to process the personal data entrusted in accordance with the “Regulations”.
4. CATEGORIES OF PERSONAL DATA COLLECTED AND PROCESSED
In application of the minimization principle of the GDPR, only strictly useful personal data are collected and processed. Inserm Transfert collects and processes only personal data that are voluntarily transmitted to him.
The information that can be collected are:
- The business data of the Person concerned: last name, first name(s), e-mail address, function, postal address, professional and/or personal telephone number;
- Browser data of the Person concerned using the Inserm Transfert’s website: Information collected via Cookies and Navigation data.
5. PURPOSES OF TREATMENTS
We process your data (i.e email address) to send you the bi-annual newsletter of EHVA.
However, this will not affect the lawfulness of any processing carried out before your withdrawal of consent and you may no longer be able to use the site in the same way you did before.
2. Audience measurement
6. TRANSFER OF PERSONAL DATA COLLECTED
According to the above, and apart from the need to disclose personal data to companies whose intervention as third party service providers on behalf and under the control of Inserm Transfert is required for these purposes, Inserm Transfert will not transmit any personal data collected in this context, neither sell, rent nor exchange them with any organization or entity, unless you have been informed beforehand and/or that you have explicitly given your consent or, unless required by law, for example in a legal proceeding.
Personal data are not transmitted to third countries or to international organizations outside the European Union. Third parties, service providers are subject to the same rules of confidentiality.
7. SECURITY MEASURES
To the extent possible, to prevent unauthorized access to personal data collected in this context, appropriate technical and organizational measures to safeguard the security, integrity and confidentiality of your Personal Data are being place. These procedures concern both the collection, the preservation and the access to these data, so as to prevent their damage, deletion or access by unauthorized third parties, intentionally, accidentally or unlawfully.
Access to your personal data is strictly limited to employees and staff authorized by reason of their duties and bound by the obligation of confidentiality and, where applicable, by subcontractors. The partners in question are subject to an obligation of confidentiality and may use your data only in accordance with our contractual provisions and the applicable legislation.
Except as provided above, we will not sell, rent, assign or give access to third parties to your data without your prior consent, unless we are compelled to do so (legal obligation, etc.). However, the data collected may possibly be communicated to subcontractors who are contractually responsible for carrying out the tasks necessary for the proper functioning of Inserm Transfert and its services and for the proper management of the relationship with you, without you need to give your permission. It is specified that, in the context of the performance of their services, the subcontractors have only limited access to your data and have a contractual obligation to use them in accordance with the provisions of the applicable legislation on personal data protection.
8. RETENTION PERIOD
Inserm Transfert has laid down precise rules concerning the retention period of personal data, in order to limit the retention to a period strictly necessary. At the end of the fixed period, the personal data will be, as the case may be, deleted or archived, in compliance with the applicable “Regulations”.
|Processing of personal data||Shelf life / archiving|
Up to 3 years from the collection or last commercial contact from the prospect
Statistics measure of the audience
Maximum 13 months from the last data collection
9. RIGHTS OF PEOPLE AND NOTIFICATION OF SECURITY FAILURES
In compliance with the General Data Protection Regulation (EU Regulation 2016/679) (GDPR) and the French Data files and Individual Liberties defined by Law no. 78-17, as amended, you have the right of access, rectification and erasing your data or limitation of treatment data. You also have the right to request for the transfer of your data to another party.
You may also, for legitimate reasons, object to the processing of your personal data, as long as this does not interfere with the operation of Inserm Transfert.
If you feel, after contacting us, that your rights are not respected or that the access control device does not comply with the data protection rules, you can submit a complain to the CNIL.
To facilitate the procedures and in particular to speed up the process Inserm Transfert invites each person concerned, when sending a request for the exercise of the rights to:
- Indicate which right(s) you wish to exercise
- Clearly mention you name/contact information to which you wish to receive information
- Joint a copy of an identity document