This policy applies to all data collected on the websites managed by the Mérieux Foundation but also to the data collected as part of its activities.
As a Data Controller, the Mérieux Foundation is committed to collecting, managing, protecting and preserving your data in accordance with national requirements and those of the EU Regulation No. 2016/679, the General Data Protection Regulation (GDPR).
Personal Data: any information relating to an identified or identifiable natural person. A natural person is deemed to be “identifiable” if it can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to its physical, physiological, genetic, psychic, economic, cultural or social identity.
Data Processing: operation performed on Personal Data, including the collection, management, use, transmission, communication, retention or protection.
Data Controller: legal entity in charge of determining the purposes of the processing and the means implemented.
Subcontractor: legal entity that processes Personal Data on behalf of the Data Controller.
The Personal Data we collect may include your first and last name, e-mail address and, in certain circumstances, other particular categories of Personal Data with your explicit prior consent, or in a contractual framework or even if we are required to do so under a legal obligation incumbent on us.
The Mérieux Foundation ensures that the Personal Data in its possession is:
- collected for specified, explicit and legitimate purposes, and not further processed in a manner incompatible with those purposes;
- treated fairly and in accordance with the law, in full transparency vis-à-vis the person concerned (natural person);
- adequate, relevant and limited to what is necessary in view of the purposes for which they are processed (data minimization);
- accurate and, if necessary, kept up to date;
- processed to ensure adequate safety.
The Data Processing implemented by the Mérieux Foundation has explicit, legitimate and determined aims.
These purposes are mainly the following:
- Donor management;
- Registration management for our courses and conferences;
- Management of information and external communication (newsletters and brochures).
The Mérieux Foundation only communicates your Personal Data to the internal departments and Subcontractors who need it for the execution of the tasks entrusted to them and which they must carry out on behalf of the Mérieux Foundation.
All persons having access to your Personal Data are identified and held by an obligation of confidentiality.
We will retain your Personal Data in our systems for the longest of any of the following: (i) the period of time required for the activity or operations; (ii) any retention period imposed by law; (iii) the end of the limitation period applicable following a dispute or an investigation that may arise in the context of the activity or services concerned, unless prior request for deletion sent to email@example.com.
At the end of this period, your Personal Data will be destroyed, in accordance with the applicable regulations.
The Mérieux Foundation may outsource some of its Data Processing and, in this context, transfer Personal Data outside the European Union. In these situations, the Mérieux Foundation undertakes to conclude contractual clauses with the Subcontractors guaranteeing an adequate level of protection.
In addition, the Mérieux Foundation may also be required to provide your Personal Data in the event that such disclosure is required by law, an administrative authority or for the purposes of legal proceedings.
The Mérieux Foundation takes all necessary precautions (including administrative, technical and organizational measures) to protect your Personal Data against loss, theft and fraudulent subtraction, as well as against any unauthorized access, disclosure, alteration or destruction of Personal Data.
Although all security measures deemed reasonably necessary are applied once your Personal Data has been collected, we draw your attention to the fact that the transmission of data over the Internet (including via e-mail) is never fully secure.
In accordance with national and European law, any natural person is entitled to exercise the following rights with the Mérieux Foundation when the latter carries out a Processing of its Personal Data:
- Be informed of the existence and the purposes of any processing of his Personal Data;
- Access his Personal Data and request the correction or deletion of his Personal Data or a limitation of their Processing;
- Oppose the Processing as well as request the portability of his Personal Data;
- Withdraw, at any time, the consent given to the Mérieux Foundation;
- Be informed promptly informed by the Data Controller of any fraudulent loss or evasion of his Personal Data.
These rights can exercised to the Mérieux Foundation by mail to the following address:
17 rue Bourgelat
69002 Lyon, France
accompanied by a copy of a signed identity document, or by e-mail to the following address: firstname.lastname@example.org.
You can send a request for information regarding the Mérieux Foundation’s personal data protection policy by e-mail to the following address: email@example.com.
This data protection policy may be subject to updating or changes due in particular to legislative and / or regulatory developments. To this extent, we invite you to regularly check this page to keep you informed of how we protect your Personal Data.