In the course of our activities, the Fondation Pierre Fabre (the “Foundation” or “we”) may process personal data on you, complying with all applicable regulations.
This policy explains how we go about this.
We update this policy regularly to take into account legislative and regulatory developments, as well as any changes in how we process personal data at the Foundation. You can consult it at any time via our website.
This policy was last updated on September 1st, 2023.
Who are we?
The Foundation is the data controller in respect of the personal data we collect on visitors to the following website: https://www.odess.io/
What are our commitments to you?
We commit to complying with all applicable regulations in our processing of personal data. This involves respecting the following principles:
- We process your personal data lawfully, fairly and transparently.
- We collect your personal data for specific, explicit and legitimate purposes and will not perform any processing that is incompatible with those purposes.
- We ensure that the personal data we collect is adequate, relevant and limited to what is necessary for the purposes of the processing.
- We make every effort to ensure that the personal data we collect is accurate and, where applicable, kept up to date. We take all reasonable steps to promptly delete or correct any personal data found to be inaccurate in light of the purposes for which it was collected.
- We keep your personal data in a form that allows you to be identified only for as long as is necessary for the purposes of the processing.
- We guarantee appropriate security measures in respect of the personal data we process.
The above principles translate as follows in our data processing activities:
- We respect your privacy.
- We make protecting and ensuring the security of your personal data a primary concern.
- We will not use your personal data for any purposes other than those of which we have informed you.
- We will not keep your personal data indefinitely.
- We will not sell your personal data to any third parties.
- We work with trusted partners who offer sufficient guarantees as regards the technical and organisational measures they implement to ensure that our processing of your data complies with all applicable regulatory requirements.
- We respect your rights as a data subject and will make every effort to comply with any justified requests from you as regards your data.
What types of personal data do we process and how long do we keep it for?
Personal data means any information relating to an identified or identifiable individual (a “data subject”). This can include your first and last name, your postal address or your e-mail, for example.
We will only process personal data as strictly necessary for the purposes for which it has been collected. We will not keep your personal data for any longer than necessary in light of those purposes.
We process the following types of personal data:
Processing activity | Legal basis | Type of personal data | Retention period (active database) |
Newsletter management | Legitimate interest | Identity data | Three years as from the last contact with the data subject |
Enquiry management | Legitimate interest | Identity data Data relating to the enquiry | Until the enquiry has been fully dealt with |
Registration on the platform | Legitimate interest | Identity data | Two years as from the last contact with the data subject |
Submission of a project (eHealth form) | Legitimate interest | Identity data Project data | Two years as from the last contact with the data subject or the date on which the form was submitted |
Profile management | Legitimate interest | Identity data | Two years as from the last contact with the data subject |
Who can access your personal data?
We will only share your personal data as necessary and only with the following parties:
- Our authorised staff,
- Our subcontractors and trusted service providers, responsible for, in particular:
- website hosting,
- storage of your personal data,
- hardware/software maintenance.
We make every effort to ensure that your personal data is shared with as few people as possible.
We only share with our trusted service providers the data they need in order to provide their services; in no circumstances are they authorised to use your personal data for any other purposes.
We always make every effort to ensure that our trusted service providers keep your data secure.
We also make sure that our trusted service providers promptly delete any personal data held on you when our contract with them comes to an end.
We take great care when selecting our trusted service providers to ensure that they offer sufficient guarantees of their ability – especially in terms of expertise, reliability and resources – to implement the necessary technical and organisational measures to ensure compliance with all applicable legislation, especially on security. In this respect, we make sure that our trusted service providers only process your personal data as and when we instruct them to do so. We keep records of our instructions to them. We also check that their staff sign a confidentiality undertaking or are bound by an appropriate legal requirement to respect the confidentiality of your data.
What are your rights as a data subject?
In certain circumstances, you can request access to or rectification, erasure or transfer of your personal data, or the restriction of our processing of it.
You also have the right to lodge a complaint with a supervisory authority.
For more information on your rights, go to www.cnil.fr
To exercise your rights:
- You can e-mail: dpo@fondationpierrefabre.org
- Or write to us at: 170 Chemin d’En-Doyse, 81500 Lavaur, France