INSERM TRANSFERT GENERAL DATA POLICY PRIVACY AND PROTECTION OF PERSONAL DATA
Inserm Transfert respects the French law on the protection of personal data and the Regulation 2016/679 of 27 April 2016 (hereinafter, the “GDPR”).
Depending on the legislation of your country, the policy of protection of personal data may be supplemented or modified by local provisions.
No personal information is collected without your knowledge, no personal information is used for unforeseen purposes.
Inserm Transfert undertakes not to disclose to third parties the information and personal data communicated to it. These are confidential and will only be used for the purposes of processing applications and prospecting activities.
Inserm Transfert undertakes to process all data transmitted or collected in a manner that complies with the applicable data protection laws (Law No. 78-17 of 6 January 1978 as amended and General European Regulation 2016/679 of 27 April 2016). On data protection, these two texts being hereinafter referred to as the “Regulations”).
This general data protection policy is addressed to:
- Inserm Transfert Partners,
- Candidates wishing to join Inserm Transfert (see Application for a job offer)
- Individual Customer or Inserm Transfert prospects
- Internet users browsing the site www.inserm-transfert.com
- Inserm Transfert Suppliers
The processing of personal data is an organized set of operations carried out on personal data (collection, structuring, preservation, modification, communication …).
Personal data is information that identifies a human being (natural person), directly (for example his name / surname), or indirectly (e.g his phone number, his email address). The data subject is the person who can be identified by the data used in the processing of personal data.
The data controller is the person who decides how the processing of personal data will be implemented, including determining what the data will be used for and what tools will be used to process it.
The subcontractor is the one who performs data operations on behalf of the data controller, it signs a contract with the controller that entrusts him with certain tasks and ensures that it has the technical and organizational guarantees, allowing it to process the personal data entrusted to him in accordance with the regulations.
The recipient is the one who receives an authorized communication of personal data.
A “cookie” is a set of data stored on computer equipment (computer or other Internet-connected device) required to run a website.
4. CATEGORIES OF PERSONAL DATA COLLECTED AND PROCESSED
In application of the minimization principle of the GDPR, only strictly useful personal data are collected and processed.
The information that can be collected concerns:
- The business data of the Person concerned :
- Last name, first name (s),
- function, postal address , professional and/or personal telephone number, e-mail address
- Exchanges and transactions record, bank account details (within the framework provided by the law.).
- The data of the supplier concerned
- Last name or company name, first name(s), postal address (head office, billing location), accounting identification code, business and/or personal telephone number, fax number, professional and\or personal email address, number SIREN, economic category has activity
- Browser data of the Person concerned using the Inserm Transfert’s website
- Information collected via Cookies,
- Navigation data.
The data controller collects and processes only personal data that are voluntarily transmitted to him or provided as part of the implementation and / or execution of its public service delegation missions for Inserm.
5. TRANSFER OF PERSONAL DATA COLLECTED
According to the above, and apart from the need to disclose personal data to companies whose intervention as third party service providers on behalf and under the control of the data controller is required for these purposes, Inserm Transfert will not transmit any personal data collected in this context, neither sell, rent nor exchange them with any organization or entity, unless you have been informed beforehand and/or that you have explicitly given your consent or, unless required by law, for example in a legal proceeding.
Personal data are not transmitted to third countries or to international organizations outside the European Union. Third parties, service providers are subject to the same rules of confidentiality.
6. PURPOSES OF TREATMENTS
We collect and process information about you under general conditions of lawful processing of personal data to meet explicit and legitimate purposes.
Your personal data may, among other things, be processed for the following purposes:
- Legitimate interest such as compliance with a legal obligation
- Business relationship with our customers, our suppliers, our subcontractors and our prospects,
- Audience measurement
- Provision of online services (Inserm Transfert website and our technological offers website)
- Creation of customer accounts on the Inserm Transfer technology offer website
- Customer Relationship Tracking such as conducting satisfaction surveys, prospecting campaigns and claims management.
The data controller, may use third parties, service providers and must take all necessary measures to ensure the integrity, confidentiality and access to this data. The controller may transmit personal data at the request of any legally competent authority or on his own initiative if he considers in good faith that the transmission of such information is necessary in order to comply with laws or regulations or to defend and / or protect the rights or property of Inserm Transfert, its customers, its website and / or yourself.
7. SECURITY MEASURES
To the extent possible, to prevent unauthorized access to personal data collected in this context, appropriate technical and organizational measures to safeguard the security, integrity and confidentiality of your Personal Data are being place. These procedures concern both the collection, the preservation and the access to these data, so as to prevent their damage, deletion or access by unauthorized third parties, intentionally, accidentally or unlawfully.
Access to your personal data is strictly limited to employees and staff authorized by reason of their duties and bound by the obligation of confidentiality and, where applicable, by clients or subcontractors. The partners in question are subject to an obligation of confidentiality and may use your data only in accordance with our contractual provisions and the applicable legislation.
Except as provided above, we will not sell, rent, assign or give access to third parties to your data without your prior consent, unless we are compelled to do so (legal obligation, etc.). However, the data collected may possibly be communicated to subcontractors who are contractually responsible for carrying out the tasks necessary for the proper functioning of Inserm Transfert and its services and for the proper management of the relationship with you, without you need to give your permission. It is specified that, in the context of the performance of their services, the subcontractors have only limited access to your data and have a contractual obligation to use them in accordance with the provisions of the applicable legislation on personal data protection.
8. THE DURATION OF THE CONVERSATION
|Processing of personal data||Shelf life / archiving|
|Business development||Up to 3 years from the collection or last commercial contact from the prospect|
|Customer database||Duration of the contract plus legal limitation periods and any required retention periods.
In case of the non-execution of the contract, data can be kept for commercial
|Statistics measure of the audience||Maximum 13 months from the last data collection|
|Job application||Up to 3 months after your application to a job offer. If your application is unsuccessful, your data will be deleted.
Up to 12 months in case of unsolicited application.
|User account||Up to 3 years for all inactive accounts|
|Supplier File||Up to 10 years from the end of the financial year|
9. RIGHTS OF PEOPLE AND NOTIFICATION OF SECURITY FAILURES
In accordance with the law “Informatique et Libertés” of 6 January 1978 as amended and European Regulation n ° 2016/679 / EU of 27 April 2016 (applicable from 25 May 2018), you have the right of access, rectification and erasing your data or limitation of treatment data.
You may also, for legitimate reasons, object to the processing of your personal data, as long as this does not interfere with the operation of Inserm Transfert.
To exercise these rights or for any question about the processing of your data in this device, you can contact our Data Protection Officer (DPO).
Contact our DPO electronically: firstname.lastname@example.org
Contact our DPO by mail:
The data protection officer
7 Watt Street
If you feel, after contacting us, that your rights are not respected or that the access control device does not comply with the data protection rules, you can submit a complaint to the CNIL.
To facilitate the procedures and in particular to speed up the process Inserm Transfert invites each person concerned, when sending a request for the exercise of the rights to:
- Indicate which right (s) she/he wishes to exercise
- Clearly mention her / his / her names / contact information to which she / he wishes to receive information
- Joint a copy of an identity document