Data protectionPersonal data protection policy
The purpose of this personal data protection policy (hereinafter the policy) is to inform you about the processing of personal data implemented in the context of the organisation and conduct of the conference ‘Distance Education: A brave new world?’
1. General information The CNED is a national public administrative institution under the authority of the Ministry of National Education and Youth, of which it is the operator, as well as the Ministry of Higher Education, Research and Innovation. 1.1. Contact details of the Data Controller The Data Controller is the CEO of the CNED. He is located at: CNED – General Management Teleport 2, 2 boulevard Nicéphore Nièpce, BP 80300 86963 Chasseneuil - Futuroscope Cedex 1.2. Contact details of the Data Protection Officer As a public administrative institution, the CNED has appointed a data protection officer (hereinafter DPO). If necessary, he can be contacted in writing at: Mr Data Protection Officer CNED – General Management Teleport 2, 2 boulevard Nicéphore Nièpce, BP 80300 86963 Chasseneuil - Futuroscope Cedex
Or at the address DPO@ac-Cned.fr 2. Definitions Data Protection Officer (DPO): the internal guarantor of compliance with the law and regulations on the use of personal data within the CNED. Personal data (DCP): includes any information that can be linked directly or indirectly to a natural person. This can be for example a name and a first name, but also other data such as bank details when the data makes it possible to identify the person. Purpose of personal data processing: The purpose of personal data processing is the objective pursued by said processing. This may include, for example, managing the ordering and registration process or providing your online training space. Data controller: the natural or legal person who determines the purposes and means of the processing of personal data, and under whose responsibility this processing is carried out. Data processor: is the natural or legal person who carries out the personal data processing on behalf of and under the instructions of a data controller. For example, it may be an IT service provider. Processing of personal data: any use made of personal data constitutes personal data processing. It can for example include entering or modifying data, or simply accessing the data.
3. Legal grounds for data processing implemented by the CNED as part of this event According to Article 6 of (EU) Regulation 2016/679, it is specified that the legal basis for the personal data processing implemented by the CNED is: - Processing necessary for the organisation of the conference in which you wish to participate based on your registration - Consent for those who agree to receive information about the CNED and its projects (if appropriate)
4. Personal data collected and processed by the CNED 4.1. Origin of the data Personal data processed by the CNED originate from: - Yourself. This is the data you enter when you register for the conference. - Automatic data collection (for example, data related to your log in onto the conference website). Certain actions on your part result in the automatic transmission of information to the CNED. This is particularly the case during the conference to allow the platform to function. 4.2. Data processed and purposes The data collected are neither passed on or sold and they are not used to carry out user profiling or commercial purposes. For information on the data retention period, see paragraph "9. Retention of your data". 4.2.1. Data processed in connection with the management of your registration and payment Email*, username*, password*, surname*, first name(s)*,Title, telephone*, Personal website, Institution/Affiliation*, postal address of your institution*, Country of the institution*, centres of excellence, Date of the conference*, Registration fee*, proof of the rate (if applicable)*, methods of payment*, The data indicated (*) are mandatory. The others are optional 4.2.2. Data necessary for the smooth running of the conference: Email* First name* Last name* Function* Company/Institution* Telephone number*. This data is mandatory. 4.2.3. Data processed in connection with sending follow-up information on the activity of the CNED and in particular the projects of the Eifad: Email* First name* Last name* Function* Company/Institution* Telephone number*.
5. Protection of your data 5.1. Who has access to your data? The following have access to your data: - The CNED, the French academic journal Distance and Mediation of Knowledge (Distance et Médiation des Savoirs, DMS) and OU members of the organising committee - Service providers and subcontractors who provide and manage the conference platform. To provide you with a quality service, the CNED uses two external service providers (data processors within the GDPR regulation). Data necessary to the delivery of the service may be transferred to these service providers or may be accessed by them. As part of this service, the subcontractors are: - The CCSD through the sciencesconf.org platform, - The company Hubinstitute for the provision of the City Cast platform. The data processed on the instructions of the CNED by these two service providers are stored within the European Union. No commercial use of your personal data is carried out by either of these companies. 5.2. Physical and technical protection measures The CNED and its subcontractors implement physical and technical security measures to ensure the security and integrity of the data so that it cannot be subject to fraudulent extraction, modification or malicious deletion. These measures once implemented are proportionate to the sensitivity of the data and the impact that its corruption would have on you. These measures include: - Access to applications by authentication by a username/password pair - Access to premises protected by badges with access management policy - An even stricter policy of access to the premises of the CNED servers - A data backup policy - Securing data flows entered online through https - Encryption of data such as passwords. - A contractual framework for the service provider / data processor with a confidentiality agreement - Compliance with the General Safety Reference Framework applicable to administrations.
6. Use of cookies by the CNED 6.1. Types of cookies used The CNED pays particular attention to your information on its use of cookies. This site uses: - cookies necessary for the proper functioning of the site. As these cookies are necessary for the proper functioning of the websites WEB on which they are located, they are not subject to your consent. Failure to use them could lead to serious malfunctions of the sites with potentially serious consequences for the user. These are cookies that have the following functions:
7. Exercising your rights 7.1. Accessing and correcting your data You can update the personal data held by the CNED in the context of this service in several ways: - Through the organisers via the contact form. - On your personal space ‘My Space’ You can also request information from the CNED on all the data that the institution has on you. The CNED has a period of two months to respond to your request. 7.2. Right to object and delete You have a right of opposition, deletion, and right to be forgotten provided that the institution is not legally required to keep or archive this data. These rights can be exercised under the conditions determined in Article 7.1 above directly with the DPO at the address DPO@ac-cned.fr. The CNED has a period of two months to respond to your request.
8. Retention of your data 8.1. Retention period of your data Each data is kept for a limited period corresponding to what is necessary for the processing: - On the sciencesconf.org platform: while your account is live - On City Cast: for 6 months - For those who have agreed to be contacted by the CNED: for a period of two years. 8.2. Destruction, anonymization and archiving of your data At the end of the storage period necessary for the purpose concerned, your personal data are: - Permanently deleted - Archived in case of legal obligation (this is for example the case for payment information).
|
