Privacy notice

GENERAL PRIVACY POLICY AND PERSONAL DATA PROTECTION
Effective as of 01/02/2024

 

The Organization for Partnerships in Leukemia (OPALE), hereinafter referred to as "OPALE" or "OPALE Association," is committed to ensuring the protection of personal data collected through this this website www.opale.org hereinafter referred to as the 'Site'" website and/or through any digital or paper medium. This General Privacy Policy and Personal Data Protection details how OPALE, as the data controller, processes and protects the personal data collected in accordance with the provisions of the Law of January 6, 1978 on information technology, data files, and freedoms, also known as the Law "Informatique et Libertés" and the European Regulation of May 25, 2018 on data protection ("GDPR"). Depending on the legislation of your country, the General Privacy Policy and Personal Data Protection may be supplemented or modified by local provisions.

 

1. SCOPE OF THIS GENERAL PRIVACY POLICY AND PERSONAL DATA PROTECTION

This General Privacy Policy and Personal Data Protection applies to all content and services of OPALE Association that involve data collection.

No personal information is collected without your knowledge, and no personal information is used for purposes other than those intended.

OPALE Association undertakes not to disclose to third parties the information and personal data communicated to it. These are confidential and will only be used for processing requests and prospecting activities.

This General Privacy Policy and Personal Data Protection applies to:

  • OPALE Partners
  • Individual clients or prospects of OPALE,
  • Users browsing the Site,
  • OPALE suppliers.

 

2. DEFINITIONS

“processing of personal data” means an organized set of operations performed on personal data (collection, structuring, storage, modification, communication...).

“personal data” means any information that allows the identification of a human being (natural person), directly (e.g., name/first name) or indirectly (e.g., phone number, email address). The data subject is the person who can be identified by the data used in the context of the processing of personal data.

“data controller” means the person who decides how the processing of personal data will be implemented, in particular by determining what the data will be used for and what tools will be used to process it.

“data processor” means the one who performs operations on the data on behalf of the data controller, signing a contract with the data controller that entrusts it with certain tasks and ensures that it has the technical and organizational guarantees allowing it to process the personal data entrusted to it in accordance with the regulations.

"cookie" means a set of data stored on computer equipment (computer or other device connected to the Internet) necessary for the operation of a website.

 

3. CATEGORIES OF DATA COLLECTED AND RETENTION

In accordance with the principle of minimization, only strictly necessary personal data are collected and processed.

The information that may be collected includes:

1. Personal data

The personal data collected on digital or paper media are as follows:

  • Identification data: name, first name, gender, date of birth, company
  • Contact data: email and postal address, phone number

2. Anonymized data

Through cookies, the Site anonymously collects the following activity data: connection times, pages viewed, country of origin of the connection, clicked elements.

3. Data retention

Data is kept for the time necessary for the purposes for which it is collected and processed.

 

4. PURPOSES

Personal data is collected for the following purposes:

  1. Providing information requested by the User: newsletter, response to contact form
  2. Establishing a contact base in OPALE's CRM
  3. Allowing access to personal services via the site's extranet
  4. Establishing usage statistics of the Site, analyzing its activity, and proposing improvements to it.

 

5. DATA PROCESSING

The data controller may occasionally call upon third parties, service providers, and must take all necessary measures to ensure the integrity, confidentiality, and access to this data. The data controller may transmit personal data at the request of any legally competent authority or on its own initiative if they believe in good faith that the transmission of this information is necessary to comply with laws or regulations or to defend and/or protect the rights or property of OPALE, its customers, its Site, and/or yourself.

For any technical questions or to unsubscribe from receiving information by email, an email can be sent to the address contact@opale.org or via the Site's contact form.

Data processing is established based on the principles of consent and legitimate interest.

 

6. SECURITY MEASURES 

In order, as far as possible, to prevent unauthorized access to the personal data collected in this context, appropriate organizational and technical measures to preserve the security, integrity, and confidentiality of your Personal Data are implemented. These procedures concern both the collection, storage, and access to this data, in order to prevent their damage, deletion, or access by unauthorized third parties, intentionally, accidentally, or unlawfully.

Access to your personal data is strictly limited to employees and authorized personnel by virtue of their functions and subject to a confidentiality obligation, and where applicable, to customers or subcontractors. The partners in question are subject to a confidentiality obligation and may only use your data in accordance with our contractual provisions and applicable law.

Outside the cases mentioned above, we undertake not to sell, rent, assign or give access to third parties to your data without your prior consent, unless compelled by a legitimate reason (legal obligation, etc.). However, the data collected may be communicated to subcontractors contractually responsible for carrying out the tasks necessary for the proper functioning of OPALE and its services as well as for the proper management of the relationship with you, without the need for you to give your authorization.

It is specified that, in the context of the performance of their services, subcontractors have only limited access to your data and have a contractual obligation to use them in accordance with the provisions of the applicable legislation on the protection of personal data.

 

7. HOSTING AND SHARING WITH SUBCONTRACTORS

OPALE calls on SAS Revolucy for the development the Site and CRM. In this context, the company may process the collected data as data processor. It is not authorized to use it for any purpose other than to ensure the proper functioning of the services it has set up. The sending of newsletters is managed by the API Sendinblue of the company Brevo, associated with OPALE's CRM. Traffic data analysis is carried out via Google Analytics.

OPALE calls on SARL Monarobase to ensure the hosting of the Site. The data collected is stored in France, on the servers of the hosting provider.

 

8. RECTIFICATION ET SUPPRESSION DES DONNÉES

Under the Law " Informatique et Libertés ", the User has the right to access, rectify, delete, and object to his personal data. The User exercises this right:

  • Via the following email address: contact@opale.org
  • Via a contact form;
  • Via their personal space.

 

9. MODIFICATION OF THE GENERAL PRIVACY POLICY AND PERSONAL DATA PROTECTION

OPALE reserves the right to evolve this General Privacy Policy and Personal Data Protection at any time to take into account the evolution of its practices as well as new regulations regarding the protection of personal data.

 

CONTACT DETAILS

INSTITUT CARNOT OPALE - Institut de Recherche Saint-Louis, Hôpital Saint-Louis, 1, avenue Claude Vellefaux, 75010 Paris, France

SIRET: 434 794 590 00019

Email : contact@opale.org