Date of last modification of this document (Cerfacs Extranet privacy policy): 18 Février 2020
CERFACS’s Presentation
Cerfacs is a fundamental and applied research center specialized in numerical modelling and simulation. Through its means and know-how in high-performance computing, Cerfacs addresses the major scientific and technical problems of public and industrial research.
CERFACS
42 avenue Gaspard Coriolis
31100 TOULOUSE Cedex 01
FRANCE
05 61 19 31 31
secretar@cerfacs.fr
Data Controller
CERFACS is the controller of the processing of personal data hosted by its IT infrastructure:
Definition of terms used in the privacy policy
“Personal data”: is defined as “any information relating to an identified natural person or which can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to that person”, in accordance with the General Data Protection Regulation 2016/679 of 27 April 2016 (“GPDR”) and French Law No. 78-17 “Informatique et libertés” of 6 January 1978.
“Site” or “Service”: the https://cerfacs.fr site and all its pages.
“Publisher” or “We”: CERFACS (Centre Européen de Recherche et de Formation Avancée en Calcul Scientifique), the legal or natural person responsible for the edition and content of the Site.
“User” or “You”: the Internet user visiting and using the Services of the Site.
“Terminal”: Computer, tablet, telephone
Purpose of this document
This information document describes the processing operations carried out by CERFACS (collection, use and management) on users’ personal data and users’ rights.
This GDPR Compliance Policy is intended to inform you about how we collect and use your personal data.
It is important that you read this privacy policy so that you are aware of why we use your data and how we do so.
GDPR compliance
The acronym “GDPR” stands for “General Data Protection Regulations”. This new European regulation, which came into force on 25 May 2018, is in line with the 1978 “French Data Protection Act” and reinforces the control by individuals of the use that can be made of their personal data
What are personal data?
This is all information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier.
Examples (the list below is not exhaustive):
- A surname
- First name
- Identification number
- A personal address
- E-mail address such as firstname.name@group.com
- Identity card number
- Internet protocol address also called “IP address” -> (identification number assigned to your computer on the Internet)
- Cookies [1]
- One or more elements specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of a natural person.
CERFACS is part of an active approach to the protection of personal data that it processes for the purposes of its activities.
In this respect, CERFACS undertakes to comply with the General Data Protection Regulation 2016/679 of 27 April 2016 (“GDPR”) and Act No. 78-17 of 6 January 1978 on data processing, files and freedoms (together “the Personal Data Protection Regulation” or “the Regulation”).
For information, these articles can be consulted here: https://www.cnil.fr/fr/reglement-europeen-protection-donnees
It requires compliance with an obligation to provide concise, transparent, comprehensible and easily accessible information to the persons concerned. This transparency obligation is defined in Articles 12, 13 and 14 of the GDPR.
Transparency allows the persons concerned:
- To know the reason for the collection of the different data concerning them.
- To understand how their data will be processed.
- To ensure the control of their data, by facilitating the exercise of their access rights.
Who to contact if you have any questions about your personal data ?
CERFACS attaches great importance to respect for the rights and freedoms of individuals and the protection of their personal data.
A Data Protection Officer (DPO) has been appointed, who can be contacted at the following address: dpo@cerfacs.fr
This designation, registered by the Commission Nationale de l’Informatique et des Libertés (CNIL), is number DPO-62373.
What does the processing of personal data cover ?
Data processing refers to any operation carried out on personal data, whether automated or manual, such as the collection, recording, storage, modification, consultation, dissemination or erasure of personal data.
Purposes of the processing of personal data
CERFACS may collect personal data in its capacity as controller in order to:
- Respond to your requests for information (through forms and contact pages).
- To comply with its legal obligations (legal period of retention of computer event logs related to the activity of our Intranet and Extranet sites).
- For the administrative management of conferences related to scientific events.
- For the purpose of processing an online registration, a subscription to newsletters or publications, responding to a request for information.
- On the occasion of your visit to websites, to allow exchanges with CERFACS.
- For internal and external communication purposes such as the management of communication events and the organization of training sessions.
What personal data is collected?
We only collect and use personal data that is strictly necessary for your navigation on the CERFACS Extranet site (data minimization).
The list of these personal data below:
Training registration data (information shared by you):
- Identity information: surname, first name, photograph
- Name of the training, name of the company, billing address, level of training, position in the company.
- Contact information: e-mail address
- Contact information: Team, work phone, status.
- Information about your professional background
- Login data when you browse the Intranet site or access the CERFACS information system
- Data required for event relationship management, communication operations.
Sharing your personal data
CERFACS does not share, transfer or sell your personal data with third parties for commercial purposes. We may, very exceptionally, disclose your personal data to third parties to the extent required by law, a court order or a decision of a competent public authority and for law enforcement purposes.
Retention periods for your personal data
We keep your information for no longer than is necessary for the purposes for which it was collected. The length of time we keep information depends on the purposes for which we collected and use it.
WARNING : For the collection and processing of data, the consent given buy the user has no limit of validity, it is valid as long as the user does not change his mind.
Personal data related to the direct mailings we send you are stored and processed for a period of two (2) years from the date on which you either unsubscribe from the newsletter or register without confirmation.
What are your rights to your personal data ?
You have the right:
- To request information on the processing of your personal data.
- To obtain access to the personal data held about you.
- To request that incorrect, inaccurate or incomplete personal data be corrected.
- To request that personal data be deleted when they are no longer necessary or if their processing is unlawful. (Right to forget)
- To oppose the processing of your personal data for the purpose of prospecting or for reasons related to your particular situation.
- To request that the processing of your personal data be limited in specific cases.
- To retrieve your personal data, in a format that is used and machine-readable, for personal use or to transfer it to another organization. (Right to data portability)
- To request that decisions based on automated processing that concern or significantly affect you and are based on your personal data be taken by individuals and not only by computers. In this case, you also have the right to express your opinion and to challenge these decisions.
- To give instructions on the storage, erasure and communication of your data after death.
In the event of a security breach of your high-risk data, you will be notified promptly, except in certain situations (e.g. already encrypted data (right to notification).
You can file a complaint with the Commission Nationale Informatique et Libertés (CNIL – website: http://www.cnil.fr : headquarters: 3 Place de Fontenoy 75007 PARIS) or bring a collective action, in particular by appealing to approved national consumer protection associations.
In order to preserve the confidentiality of your personal data, any request concerning the implementation of your rights must include for the attention of our DPO a certified true copy of a valid identity document (identity card or passport).
This copy will be returned to you with your request and the desired information or consideration of your request. The absence of such proof will prevent the processing of your request due to the lack of sufficient security to certify the identity of the holder of the rights concerned.
Security of your personal data
CERFACS implements measures to ensure the security of its Extranet and more generally to protect your personal data against access by unauthorized third parties.
Technical and organizational measures in accordance with French and European legal and regulatory requirements ensure their security (physical and software) and confidentiality.
Management of personal data breaches
We take violations of personal data very seriously.
In the event of a violation of your personal data that may create a risk to your rights and freedoms, the DPO notifies the CNIL of the violation as soon as possible, and, if possible, no later than 72 hours after becoming aware of it.
The CERFACS shall also inform the person concerned as soon as possible in accordance with the provisions of Article 34 of the GDPR.
Cookie management
When you first browse the CERFACS Extranet site https://cerfacs.fr you may see a window asking you to accept or refuse the deposit of cookies [1] to enable us to compile attendance statistics.
Cookies” are small text files of limited size that allow us to recognize your computer, tablet or mobile device in order to personalize the services we offer and provide you with the best possible browsing experience.
Cookies policy
Our cookie policy allows you to better understand the provisions we implement when browsing our website.
In particular, it informs you about all the cookies on our website, their purpose and gives you the procedure to follow to set them up.
General information about cookies on the site
Cerfacs, as the publisher of this website, may install cookies on the hard disk of your device (computer, tablet, mobile etc.) in order to guarantee you a smooth and optimal navigation on our website.
The information collected through cookies does not in any way identify you by name. They are used exclusively for our own purposes to improve the interactivity and performance of our website and to send you content tailored to your interests. None of this information is disclosed to third parties except where disclosure is required by law, by order of a court or any administrative or judicial authority having jurisdiction over it.
To help you better understand the information that cookies identify, you will find below (in the process of being written – will be posted as soon as possible) a list of the different types of cookies that may be used on the Cerfacs website, their name, their purpose and their storage period.
Configuring your cookie preferences
You can accept or refuse the deposit of cookies at any time.
When you first connect to the https://cerfacs.fr website, a window briefly presenting information about the deposit of cookies and similar technologies appears on your screen.
This window warns you that by continuing to browse the Cerfacs website (by loading a new page or by clicking on various elements of the site, for example), you accept the placement of cookies on your device.
Depending on the type of cookie involved, it may be necessary to obtain your consent to deposit and read cookies on your device (computer, tablet, and phone).
Cookies exempt from consent
In accordance with the recommendations of the Commission Nationale de l’Informatique et des Libertés (CNIL), certain cookies are exempt from prior collection of your consent insofar as they are strictly necessary for the operation of the website or have the exclusive purpose of allowing or facilitating communication by electronic means.
These include session ID, authentication, load balancing session cookies and cookies to customize your interface.
These cookies are entirely subject to this policy insofar as they are issued and managed by Cerfacs.
For more information: https://www.cnil.fr/fr/cookies-comment-mettre-mon-site-web-en-conformite ( “Cookies exempt from consent” section)
Cookies requiring the prior collection of your consent
This requirement applies to cookies issued by third parties that are described as “persistent” as long as they remain on your device until they are deleted or expire.
As such cookies are issued by third parties, their use and storage are subject to their own privacy policies, a link to which is provided below.
- Facebook Social Network Privacy Policy: https://fr-fr.facebook.com/policy.php
- Twitter Social Network Privacy Policy: https://twitter.com/fr/privacy#update
- LinkedIn Social Network Privacy Policy: https://www.linkedin.com/legal/privacy-policy?_l=fr_FR
- Research Gate Social Network Privacy Policy: https://www.researchgate.net/privacy-policy
- YouTube Social Network Privacy Policy: https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=fr&visit_id=637039654839542664-3816476048&rd=1
This cookie family includes audience measurement cookies, which Cerfacs uses, as well as social network sharing cookies (Facebook, YouTube, Twitter, LinkedIn, Research Gate, etc.). Social network sharing cookies are issued and managed by the publisher of the social network concerned. Subject to your consent, these cookies allow you to easily share some of the content published on the site, in particular through a “button” sharing application depending on the social network concerned.
When you click on the icons dedicated to social networks (Twitter, Facebook, LinkedIn) on the Site, and if you have accepted the deposit of cookies while continuing your browsing, these social networks may also deposit cookies on your device.
Audience measurement cookies collect statistics about the use and usage of various elements of the website (such as the content / pages you have visited). This data contributes to improving the site’s ergonomics.
On the website https://cerfacs.fr, an audience measurement tool (Google Analytics) is used; its privacy policy is available in French at the following Internet address: https://www.google.com/analytics/learn/privacy.html
Tools for setting cookies
Most Internet browsers are configured by default so that cookies are allowed.
Your browser gives you the opportunity to modify these standard settings so that all cookies are systematically rejected or only part of the cookies are accepted or rejected depending on who issued them.
WARNING: We draw your attention to the fact that refusing to accept cookies on your device may nevertheless affect your user experience and your access to certain services or features of this website. If necessary, Cerfacs declines any responsibility concerning the consequences related to the deterioration of your browsing conditions which occur because of your choice to refuse, delete or block the cookies necessary for the operation of the site.
Your browser also allows you to delete cookies that already exist on your device or to notify you when new cookies are likely to be placed on your device. These settings do not affect your browsing but cause you to lose all the benefit of the cookie.
Please read below the settings available for the main Internet browsers so that you can set the cookies on your device.
Setting up your web browser
Each Internet browser has its own cookie management settings. To find out how to change your cookie preferences, you will find below the links to the help you need to access the menu of your browser provided for this purpose.
Google Chrome : https://support.google.com/chrome/answer/95647?hl=fr
Internet Explorer : https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies#ie=ie-11
Mozilla Firefox : https://support.mozilla.org/fr/kb/activer-desactiver-cookies
Opera : http://help.opera.com/Windows/10.20/fr/cookies.html
Opera under Android : https://help.opera.com/fr/mobile/android/#privacy
Safari : https://support.apple.com/kb/PH21411?viewlocale=fr_FR&locale=fr_FR
Safari under iOS : https://support.apple.com/en-us/HT201265
Browser under Android : https://support.google.com/nexus/answer/54068?visit_id=637039533785559312-1796958001&hl=en&rd=1
For more information on cookie control tools, you can consult the CNIL website: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser
Cookies list
The list of necessary cookies used when you browse the Site:
COOKIE “PHP_SESSID”: cookie necessary for navigation on the Cerfacs site.
COOKIE “PLC_LANGUAGE”: cookie required for the choice of language when browsing the Cerfacs site.
The maximum lifetime of a cookie is 13 months when it has been placed on your Terminal, after you have given your consent. (CNIL Info: https://www.cnil.fr/fr/cookies-traceurs-que-dit-la-loi)
Changes to our privacy policy
CERFACS may amend or update this Privacy Policy from time to time as necessary to reflect changes in legislation, regulations, case law or technology.
That is why we invite you to consult it periodically. The date of the last update always appears at the top of the document.
[1] Cookies are navigation trackers, recorded by your Internet browser (Microsoft Edge, Internet Explorer, Firefox, Google Chrome, Safari, Opera, etc….)) that can be used to analyze the navigation, travel and viewing or consumption habits of users on the websites they visit.