This Policy concerns the Protection of Personal Data (hereinafter “PD”) as implemented by the Paediatric Upper Limb Project (hereinafter « PULPe» or « We »)
This Policy thus outlines our policies and practices regarding your personal information (information relating to you from which you can be identified) and how we will treat it. This Policy may change from time to time (see Change section below), so please check the Policy periodically for updates.
Pursuant to the Civil Liberties Act and the GDPR, the controller is the person who determines the methods and purposes of the processing. If the purposes and methods of processing are jointly determined by two or more controllers, they are jointly responsible for the processing, i.e. co-controllers or joint controllers. The processor is someone who processes personal data on behalf of the controller and acts under the controller’s authority and by its rules.
The PULPe is committed to the privacy and security of your data.
Our goal is to offer you our services and honoring the commitments we’ve made in our Two Laws of Data Protection:
- 1. Your Data is Yours
- 2. Your Data is Protected
The PULPe undertakes to offering its services and resources in compliance with the General Data Protection Regulation (GDPR) requirements.
We confirm we have completed the entirety of our GDPR service readiness audit, validating that all generally available services and features adhere to the high privacy bar and data protection standards required of data processors by the GDPR.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact (free of charge): firstname.lastname@example.org
Maintaining protection of the information entrusted to our care by our constituents is of the utmost importance to the PULPe.
We, as controller in line with the GDPR, agrees and warrants:
- a) to process the personal data in compliance with the Clauses;
- b) that it has implemented the technical and organizational security measures specified in this document before processing the personal data;
- c) that, in the event of sub-processing, we have previously informed the data controller and obtained its prior written consent;
What information does the PULPe collect?
1. Data collected and method of collection: General
We collect several types of information from and about users of our Website and others, including information:
- by which you may be personally identified, including your name, postal address, e-mail address or telephone number (“personal information”);
- that is about you individually but is not held in a form to identify you, such as age, gender, language preferences, expertise, date of birth; and/or
- about your internet connection, the equipment you use to access our Website and usage details.
In this respect, the PULPe collects general and personal data concerning you from:
- you when you provide your details to the PULPe;
- its Clients (in such cases, Client must ensure that it is entitled to disclose such data and that you are aware of the various matters detailed in this Data Protection Statement);
- participants at Client’s meetings and events organized by the PULPe;
- users of the PULPe’s website; and third parties (such as online service provider or single sign on authority).
Following the reception of the data, an electronic profile is created in PULPe tools for each person or entity (the “Contact Profile”).
The Contact Profile may contain but is not limited to:
- phone number;
- email address;
- organization or company of employment and/or job title;
- field of activity and/or interest;
- other communicated preferences.
What does the PULPe do with my information?
We are committed to protecting the privacy of your information. Below, we describe the ways in which we use the information we collect and receive to provide, maintain, and improve the Service; to provide troubleshooting and customer support; to protect the Service for all our users; to contact you.
2. Purpose of data collection
Data collection is also meant to protect the PULPe and its users. The PULPe does not collect more data than is necessary to fulfil such purposes.
In addition to creating Contact Profiles, the PULPe uses your data for the following purposes and for which you give your consent:
- a) Registrations:
The Contact Profiles are stored in a database to be consulted each time a registration is to be made. When a registration is made, the PULPe creates an order that contains all of the personal data along with the registration information that is needed to fulfil your request.
To make registrations, the PULPe might need to transfer some personal data to various third-party travel suppliers (handbook publisher and printer, badges supplier, etc) in France.
- b) New products and services:
With a view to improving services and based on the data given to the PULPe, the PULPe may send you additional information related to your current or future event(s). An example might be information about other courses or congresses that might be interesting.
- c) Technical data:
The PULPe, or third parties instructed by the PULPe, evaluate this data purely for statistical purposes and only in an anonymized form, in order to optimize the PULPe’s website and increase user-friendliness, efficiency and safety.
- d) Other purposes:
The PULPe may use your data as the PULPe believes to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce the PULPe’s terms and conditions; (e) to protect the PULPe’s operations; (f) to protect the PULPe’s rights, privacy, safety or property, you or others; and (g) to allow the PULPe to pursue available remedies or limit the damages that the PULPe may sustain; (h) to allow you to apply for job offer available on the PULPe’s website
The PULPe will ask your consent before using data for a purpose other than those that are set out in this Policy subject to mandatory laws.
3. Duration of storage
General and personal data will be kept by the PULPe only as long as reasonably necessary taking into consideration its need to answer queries or resolve problems, to provide improved and new services and to comply with legal requirements under applicable laws or with inquiries from Clients on past events or travel activities.
The PULPe will retain general and personal data during a maximum period of five years if no specific legal requirement.
For applicants to various call for candidates, the data will be retained for a maximum period of two years.
You may cancel/delete your PULPe account by sending an email to our Data Protection Officer: email@example.com
4. Location of storage
The Contact Profiles that the PULPe maintains are stored in a central databases in the cloud on the server hosted by 1&1/IONOS.
Third-party providers have signed our dedicated data protection clauses.
Any transfer of your Data outside the European Economic Area shall only take place with appropriate safeguards in place, such as contractual terms in compliance with applicable data protection laws and regulations.
5. Your duties
We will use reasonable efforts to ensure that your Personal Information is kept as accurate, complete and up-to-date as possible. We will not routinely update your Personal Information, unless such a process is necessary. In order to help us maintain and ensure that your Personal Information is accurate and up to date, you must inform us, without delay, of any change in the information you provided to us.
You thus must ensure that the data you provide us with are:
- truthful; and
- compliant with any applicable laws.
In particular, since the PULPe will mainly use email communications with you, you are required to notify us of any modification of your email address.
Alternatively, you can directly update your Contact Profile.
The PULPe does not target the digital asset to children less than fourteen (14) years of age or knowingly collect information from children for the purpose of selling products or services.
Children Under the Age of 16
Our Website is not intended for children under 16 years of age. No one under age 16 may provide any personal information to or on our Website. We do not knowingly collect personal information from children under 16.
If you are under 16, do not use or provide any information on our Website or on or through any of its features/register on our Website, make any purchases through our Website, use any of the interactive or public comment features of our Website or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information.
If you believe we might have any information from or about a child under 16, please contact us: firstname.lastname@example.org
6. Transfer and communication of data
Your personal data may therefore be transferred to and outside of France, including in countries whose data protection laws may be different from, and less stringent than, those in your country of residence.
You hereby agree and give your consent to the PULPe to transfer and communicate your data as follows:
- a) Transfers within the PULPe: Transfers are made throughout the PULPe to support its activities and/or services (board members).
- b) Transfer to third-parties: the PULPe works with certain third parties to obtain support services in connection the software maintenance of its website and, in some cases, personal data will be shared with these third parties in order to pursue the PULPe’s mission and goals.
The PULPe may also transfer your data to a third-party in the event of any reorganization, merger, transfer or other disposition of all or any portion of the PULPe activities.
- c) Regulatory transfers: the PULPe may be required by law to transfer data to governments and regulatory and/or supervisory authorities.
If you visit the PULPe’s website your data will be transported via an open publicly accessible network. The data might therefore be transmitted across national borders, even if you are located in Europe.
This involves notably the risk that your data may be intercepted and read by third parties (read the “Terms & Conditions of use”).
Furthermore, you are notified that information you transmit or allow to be transmitted to you by the PULPe via an electronic medium, in particular via e-mail, SMS, contact forms, etc. are usually unencrypted and therefore neither confidential nor secure.
You are hereby notified that your personal data might be accessed by governmental authorities in such countries (in particular by US authorities).
7. Security and organizational measures
We have implemented technical and operational measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure.
All personal information you provide to us is stored on password-protected databases on our secure servers behind firewalls and we use Secure Sockets Layer (SSL) to ensure that the transmission of sensitive data for payments and contributions is encrypted and appropriately safeguarded.
We train our employees on the importance of information security and focus specifically on practices for protecting against unauthorized disclosure of personal data.
We have a documented incident response plan for acting upon events that violate the PULPe’s security or privacy policies, should they occur, and this plan is reviewed and updated on an ongoing basis.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. Passwords registered with our Website are encrypted to ensure protection against unauthorized access to your personal information. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of our Website. The information you share in public areas may be viewed by any user of our Website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website or over any public network.
Any transmission of personal information is at your own risk. Without prejudice to any mandatory legal obligations to which we may be subject, we are not responsible for circumvention of any privacy settings or security measures contained on our Website.
Only authorized PULPe staff, or third party companies’ (i.e. service providers) staff have access to your personal data.
All PULPe and third-party authorized staff members who have access to your personal data are required to adhere to the staff confidentiality regulations.
8. Your rights
In accordance with your legal rights under EU Data Protection Law, you have a ‘subject access request’ right under which can request information about the personal data that we hold about you, what we use that personal data for and who it may be disclosed to as well as certain other information.
Usually we will have one month to respond to a subject access request.
However, we reserve the right to verify your identity and we may, in case of complex requests, require a further two months to respond.
We may also charge for administrative time in dealing with any manifestly unreasonable or excessive requests.
We may also require further information to locate the specific information you seek and certain legal exemptions under EU Data Protection Law may apply when responding to your subject access request.
Under EU Data Protection Law. you also have the following rights. which are exercisable by making a request to us in writing:
- (a) that we correct personal data that we hold about you which is inaccurate or incomplete:
- (b) that we erase your personal data without undue delay if we no longer need to hold or process it:
- (c) to object to any automated processing (if applicable) that we carry out in relation to your personal data. for example if we conduct any automated credit scoring:
- (d) to object to our use of your personal data for direct marketing:
- (e) to object and/or to restrict the use of your personal data for purpose other than those set out above unless we have a compelling legitimate reason: or
- (f) that we transfer personal data to another party where the personal data has been collected with your consent or is being used to perform contract with you and is being processed by automated means.
So we can fully comply, please note that these requests may also be forwarded on to third party data processors who are involved in the processing of your personal data on our behalf.
If you would like to exercise any of the rights set out above, please contact us at the address below.
If you make a request and are not satisfied with our response, or believe that we are illegally processing your personal data, you have the right to complain to the CNIL.
Under certain conditions you also have the right to have your personal data that is stored by the PULPe blocked and deleted, unless the PULPe has to keep these data for legitimate legal purposes.
To contact the PULPe with questions or issues about the PULPe’s data processing, you should contact the Data Protection Officer at the following e-mail address: email@example.com
This Statement may be revised and updated by the PULPe from time to time to comply with statutory data protection and privacy laws. The PULPe will post any statement changes on its website and, if the changes are significant, the PULPe will send a notice to the e-mail address provided in your Contact Profile.
If you need further assistance, please contact our Data Protection Officer: firstname.lastname@example.org