Personal data protection charter
Personal data protection charter: latest version from October, 23rd 2018
This charter defines and notifies you of the way in which Institut Curie uses and protects any of your Personal Data that we might process and collect while you browse the Websites managed by Institut Curie.
Institut Curie may ask you to supply some of your Personal Data (as defined hereinafter in Section 2). By supplying your Personal Data, you expressly agree to let us process it for the purposes stated in Section 4 below, “Purposes.” If you refuse, you may not be able to use certain information or services offered by Institut Curie’s various websites.
However, you can visit Institut Curie’s websites without sharing any Personal Data and, in any event, you are in no way obligated to transmit said Personal Data to us.
Pursuant to General Data Protection Regulation No. 2016/679 adopted by the European Parliament on April 14, 2016 (hereinafter “GDPR”) and French Data Protection Act No. 78-17 of January 6, 1978, as amended, Institut Curie hereby notifies you of the following:
Identity of the Controller
The Personal Data controller and his/her contact information are: Institut Curie, 26 rue d'Ulm, 75248 Paris Cedex 05
Personal Data Collected
Personal Data are those covered hereinafter and they vary according to the method of their collection. They come from:
- the contact form of Institut Curie’s institutional website. The Personal Data collected will be: last name, first name; email address;
- the grant form of Institut Curie’s institutional website: last name, first name, birth date, telephone number, mailing address, banking information.
- data collected through cookies (see Cookie Management Policy).
These purposes are primarily:
- to answer your questions (any type of question via the contact, appointment, or job application forms);
- to manage information and external communications (newsletters and brochures);
- to manage donor, testator, potential donor, and potential testator relations;
- to comply with our legal, regulatory, and contractual obligations;
- to manage any court action brought against us;
- to manage real property from bequests or donations;
- to manage the monitoring of donation processing;
- to carry out automated processing activities;
- and to fulfill our commitments in a secure environment.
Data Retention Period
Your Personal Data are stored for as long as is required to achieve the aforementioned purposes. For more information, you can email our Data Protection Officer at email@example.com.
Recipients of Your Personal Data
Your Personal Data may be shared with the following recipients, as required to achieve one of the purposes mentioned above that requires the Processing of your Personal Data:
- event management, advertising, and marketing agencies, community platforms;
- printers, document management companies, and paper or online archiving companies;
- research or statistical analysis companies;
- third-party application maintenance, software service, or hosting providers;
- donation platforms;
- and in the event of litigation: to investigators, legal counsel, collection agencies, bailiffs, attorneys, notaries and, as applicable, parties to the litigation.
Personal Data Transfer
We may transfer your Personal Data outside the European Economic Area (EEA) for one of the purposes listed above.
In the event of such a transfer, we will make sure that your Personal data have the same protection as Personal data in the European Economic Area and, to that end, any sharing of your Personal data to a third party outside the European Economic Area will be done, in compliance with European regulations on Personal Data protection, and, as such, the standard contract clauses prepared with the European Commission will be drawn up with any third parties who will have access to your Personal Data.
Cookies installed on your equipment
When viewing one of the Websites of Institut Curie, information about your browsing on your terminal may be saved in the cookie files installed on this latter, subject to the choices you express and that you can modify at any time. Only the issuer of a cookie may read or modify the data it contains.
What is a cookie?
A cookie is a file that is installed on the hard drive of a website’s visitor. With cookies, a visitor’s preferences can be reused, or their browsing habits can be measured. In this way, the website can be improved in terms of services provided and user experience. The site can also provide information tailored to the visitor’s preferences. Only the issuing website of a cookie may read or modify the data it contains. A cookie can have a shorter or longer active life (as short as the website visit or as long as several years). The website or online service provider decides on the lifetime according to how the cookie is used.
Important Information on Consent
Your consent does not have to be obtained in advance for the storage or readout of certain cookies, either because they are not handling any Personal Data on you, or because they are strictly necessary to provision of the service that you are requesting. Your consent must be obtained in advance for the storage or readout of cookies other than those mentioned above.
At any time, you can object to the storage or readout of the Cookies we use, either by deleting them from your devices or by changing your browser’s parameters as described below.
What Cookies do we use?
Institut Curie’s websites use three types of cookies:
- Cookies that are technically required for the websites’ smooth operation. These cookies are used to access the websites’ restricted or personal areas.
- Cookies that are used to measure and analyze internet users’ browsing behavior. These cookies are used to establish statistics on traffic to and use of the different components of Institut Curie’s websites (sections and content visited, path), so it can improve its content’s relevance and useability.
- Cookies used by the social media page-sharing service. These cookies measure how the different content sharing buttons that Institut Curie provides are used.
For cookie management, Institut Curie may set up partnerships with the following companies: Google, Amazon, Facebook, Twitter, LinkedIn, etc. These companies use the data collected to improve their services, in compliance with their policies of respecting Personal Data.
How to configure your browser
Most browsers accept cookies by default. However, you may choose to block those cookies or set your browser to notify you when a site tries to install a cookie on your device.
Please refer to your browser’s help menu to set cookies according to your preferences. Below you will see links to the cookie setting notices for the major browsers:
More generally, we invite you to consult “Vos traces”on the Website of the French Data Protection Authority.
How long do we keep Cookies?
We make sure to limit the cookies’ valid period while offering you quality personalized service.
Type of Cookie
Cookies needed for Website operation
Session and security maintenance
Up to 24 hours
Web pages consulted
Statistics on Website visits
Information available to each third party involved
Sharing content from our Websites on social media
Pursuant to the GDPR, you have the right of:
- access to your Personal Data;
- correction of them;
- deletion of them, if doing so does not violate other regulatory or contractual requirements;
- portability (the right of portability gives you the option of retrieving a portion of your data in a structured, commonly used, and machine-readable format) if the processing is based on your consent or a contract and is carried out by automated processes;
- objection to the processing of your Personal Data (in this context, some of the services offered by Institut Curie may not be accessible to you);
- restriction on the processing of your Personal Data in order to verify their accuracy, object to their deletion, or exercise or defend your rights in court;
- withdrawal of your consent at any time, without prejudice to the lawfulness of the consent-based processing completed prior to withdrawal;
- filing of a claim with the CNIL, to which you may email a request by clicking here.
To exercise your rights, please email your request to our Data Protection Officer at firstname.lastname@example.org. The CNIL has put an automatic letter generator on its Website under “Addresses for action.” We invite you to use it.
Amendments to this Charter
We reserve the right to make changes to this charter at any time. We advise you to consult this charter regularly, as it may be modified at any time without prior notice.