Last update on: November 18th, 2022
It was established in accordance with the provisions of the French Data Protection Act of January 1978, the General Data Protection Regulation (GDPR) of May 23, 2018 and the Act Transposing the GDPR of June 20th 2018.
ARTICLE 1 – DEFINITIONS
Technical terms related to personal data protection
On our Website, the following terms have the definition attributed to them within the meaning of the GDPR (Article 4) :
● Consent : “of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;”
● personal data : “means any information relating to an identified or identifiable natural person (‘data subject’) ; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person ;”
● controller : “means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data ; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”
● processor : “means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;”
● processing : “means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” ;
● personal data breach : “means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
2. Other terms used in this policy
● « non-profit Organization » : refers to DeLeX CONSORTIUM, independent Association under the French Law of 1901, whose registered office is in Paris, France
● “Website” : refers to the website https://www.delex-consortium.org/ or any website operated by DeLeX CONSORTIUM and made available to the User.
● “User”: refers to any individual using our Website and having access to its content.
ARTICLE 2 – THE COLLECTED DATA
By using our Website, User consent to the collection and processing of its personal data. This consent should be use as a legal basis for the processing of its data.
DeLeX CONSORTIUM collects and processes data that is strictly necessary for the purposes for which it is processed. We can assure to our users that we do not process data for purposes other than those mentioned below. If we should offer a new service on our website, requiring the collection and processing of your data, we will collect the agreement of our users once again before offering the new service in question.
Whenever our site processes personal data, it takes all reasonable steps to ensure the accuracy and relevance of the personal data to the purposes for which it processes them.
2. Access to Data
The data we collect on our Website is for our exclusive use only. Your personal data is not disclosed to third parties and is only accessible to authorized employees of our non-profit Organization also to services providers and IT subcontractor for the maintenance and development of our Website.
The personal data accessible by our services providers and subcontractors are not processed, nor collected nor exploited by them, they can only have access to the data for computer maintenance purposes. The person in charge of processing your data can be contacted at the following address: firstname.lastname@example.org
As the person responsible for processing the data he collects, he undertakes to respect the framework of the legal provisions in force. In particular, he is responsible for providing prospects, clients, and users with full information on the processing of their personal data and for maintaining a register of processing operations.
ARTICLE 3 – PURPOSE OF DATA PROCESSING OPERATIONS
DeLeX CONSORTIUM collects data from its users only for the purposes of processing as follows:
● Contact our Association : a dedicated e-mail address is accessible email@example.com as well as a contact form to contact our non-profit Organization. In order to best process your request, we collect your e-mail address and username.
● Subscription to our newsletter : Any User will have the possibility to subscribe to the DeLeX CONSORTIUM newsletter (coming soon) in the space provided in our website.
To unsubscribe from our newsletter, User can use the provided function in the e-mail or directly make a request at : firstname.lastname@example.org
● Prevent and fight against computer fraud (spamming, hacking, etc.) : hardware used for browsing, IP address, password. We do not exceed the legal data retention periods and your data is kept only for the time necessary to process the purposes for which it was collected.
ARTICLE 4 – NON-DISCLOSURE OF PERSONAL DATA
Our non-profit Organization will not process, host, or transfer the Information collected about its users to a country outside the European Union or recognized as "unsuitable" by the European Commission without prior notice to the Customer.
However, our non-profit Organization remains free to choose its technical and commercial subcontractors if they present sufficient guarantees about the requirements of the General Data Protection Regulation (GDPR n° 2016-679). The User's Personal Data may be processed by subsidiaries of our non-profit Organization and subcontractors (service providers), exclusively to achieve the purposes of this policy.
When DeLeX CONSORTIUM works with services providers, they have a limited access to the personal data of the user and have a contractual obligation to use them in accordance with the applicable law regarding protection of personal data.
Our non-profit Organization undertakes to take all necessary precautions to preserve the security of the data and in particular that the data are not communicated to unauthorized persons.
ARTICLE 5 – DATA SECURITY AND INCIDENT NOTIFICATION
Our Website and our non-profit Organization have taken all useful and necessary precautions, with regard to the state of the art in this area, to protect your information in a secure environment in order to avoid any destruction, loss, alteration, distribution or unauthorized access.
No matter how hard we try, no method of transmission over the Internet and no method of electronic storage is completely secure. Therefore, we cannot guarantee absolute security. If we become aware of a security breach, we will notify the users concerned so that they can take appropriate action. Our incident notification procedures consider our legal obligations, whether at national or European level.
In the event that the integrity and confidentiality of your data is compromised, the data controller undertakes to comply with the procedures established under the French Data Protection Act of 6 January 1978 and the European Data Protection Regulation ("GDPR ").
ARTICLE 6 – RIGHTS OF THE DATA SUBJECT
Regarding the legal provisions of the Data Protection Act of 6 January 1978 and the European Regulation on Data Protection ("GDPR"), users of our Website have the following rights:
● the right of access (Article 15 GDPR) and rectification (Article 16 GDPR), updating, completion of Users' data the right to block or erase Users' personal data (Article 17 GDPR), when they are inaccurate, incomplete, ambiguous, outdated, or whose collection, use, communication or storage is prohibited
● right to withdraw consent at any time (article 13-2c GDPR)
● right to limit the processing of Users' data (Article 18 GDPR)
● right to object to the processing of Users' data (Article 21 GDPR)
● the right to the portability of the data provided by Users, when these data are subject to automated processing based on their consent or on a contract (Article 20 GDPR)
● the right to define the fate of the Users' data after their death and to choose to whom DeLeX CONSORTIUM will have to communicate (or not) their data to a third party that they will have previously designated.
Our site and our non-profit Organization cannot oppose the users' request to exercise their rights. This request may be made at any time by electronic means at the following address: email@example.com
Requests will be processed within ten (10) working days unless an overriding reason is given and justified by our non-profit Organization justifying an extension of the deadline.
ARTICLE 7 – NATIONAL COMMISSION ON DATA PROCESSING AND LIBERTIES
If our non-profit Organization does not satisfy the user's request, the latter is entitled to refer the matter to the CNIL (National Commission on Data Processing and Liberties, https://www.cnil.fr) to enforce his rights.
ARTICLE 8 – MINIMUM AGE
In accordance with the provisions of article 8 of the R.G.P.D., we do not collect, directly or indirectly, personal data from persons under the age of sixteen (16). Users under the age of sixteen (16) must seek the consent of a legal representative - required by DeLeX CONSORTIUM- so that their personal data can be collected.
DeLeX CONSORTIUM reserves the right to request a justification of this agreement from the legal representative. The responsibility of our non-profit Organization cannot be sought in the event of any user providing personal data concerning a minor under the age of sixteen (16).
ARTICLE 9 – COOKIES DEFINITION
The user is informed that a cookie is a small file submitted on the terminal of any user (computer, tablet or mobile device), by our Website, during its consultation. It does not contain any personal information but allows us to make the link between the user's device and his preferences for use and experience on our Website (e.g., location, language, font size).
For the use of "cookie" files involving the saving and analysis of personal data, the consent of the user is always requested. This consent is valid for a period of thirteen (13) months, at the end of which the user will be asked for a new authorization.
We use and collect cookies for the purposes of :
● To process a minimum of information on the traffic of our site and to optimize it as well as possible.
● To provide our users with a smooth browsing experience by adapting the presentation of our Website to the display preferences of the user's terminal
● To store information provided on the Website by the user.
In general, the cookies which are initially placed on our Website may be categorized as essential cookies.