PRIVACY POLICY

1. Preamble

This Privacy Policy is edited by IRCAD (Institute for Research against Cancer of the Digestive System), active since 01/06/1993, registered under SIREN number 391854791, whose head office is located 1 place de l’hôpital, 67000 Strasbourg.

IRCAD is known worldwide as a research and training institute. Every year, several thousand surgeons from all over the world are trained by a team of hundreds of international experts. IRCAD’s research work is oriented towards the development of less and less invasive surgical techniques.

The result is an alliance between technology and surgery, so that distance is no longer an obstacle to surgery.

The respect of privacy and the protection of personal data are at the heart of IRCAD’s concerns. The processing of your personal data is subject to compliance with the law, currently the amended law 78-17 of January 6, 1978; and the European regulation (EU) 2016/679 on the protection of personal data, known as “GDPR”, or any other legislative or regulatory act modifying them.

This privacy policy covers the processing related to:

  • the management of the www.ircad.fr website;

2. Definitions

“Personal data”, “processing”, “controller”, “processor”, have the same meaning as in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data, known as “GDPR”:

  • personal data: any information relating to an identified or identifiable natural person; an “identifiable natural person” is deemed to be a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
  • processing: any operation or set of operations which may or may not be performed upon personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Controller: the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing; where the purposes and means of such processing are determined by Union law or by the law of a Member State, the controller may be designated or the specific criteria for such designation may be laid down by Union law or by the law of a Member State.
  • Processor: the natural or legal person, public authority, department or other body which processes personal data on behalf of the controller.

3. The Data Controller

IRCAD is responsible for the processing of your data concerning the processing activities related to:

the use of the ircad.fr website,
The association makes every effort to comply with the regulations in force on the protection of personal data and respect for privacy.

4. Categories of data Subjects and Personal Data

The categories of persons concerned by our processing are

  • the user of the Site www.ircad.fr;
  • the participants in the training courses;
  • the sponsor (industrial), or the agency that manages the registration on behalf of a participant.

By personal data, we mean data that identifies you directly, as well as data that does so indirectly. In the course of the technical and functional administration of the ircad.com site, we process several categories of personal data, including

  • identification/contact data
    • for example, name, first name, postal address, billing address;
  • data related to your professional life
    • for example, a study on the number of “open”, mini-invasive, robotic surgeries;
  • financial data
    • for example, the type of payment method;
  • connection data
    • for example, IP address, logs.

The personal data collected in the context of the use of the Website (www.ircad.fr) are the data obtained via cookies: IP address, browser, operating system.

5. How do we collect this Data ?

As part of the technical and functional administration of the ircad.com website, we collect most of the personal data directly from you. However, we may collect and process certain data indirectly, such as data obtained through cookies. You provide us with this personal information :

  • when you browse and use our Website.

6. When are you required to provide us with this information ?

If you use our services, you agree to this Privacy Policy and to the IRCAD’s cookie policy. You can visit our Website without telling us who you are. We do, however, use cookies in order to obtain, among other things, statistics regarding the use of our Website.

As part of our training activities, you must provide us with this data so that we can process your application, follow up on your request, and provide our services.

7. Processing and use of your personal data

The processing carried out in the context of the use of the ircad.fr website is intended to

  • carry out the technical and functional administration of the ircad.fr site;
  • studies on the conversion rate of open surgery;
  • implement aggregate statistics.

In general, your personal data is processed in order to:

  • deliver our training services ;
  • respond to and follow up on your request for information about our services;
  • manage our commercial relationship;
  • comply with the legal and regulatory provisions to which we are subject.

8. Cookies

We use cookies on our Website to improve its performance and obtain statistics. Cookies are small text files containing data stored in your computer. They contain data regarding your visits to websites. Our cookies fall into the following categories: “essential”, and “analytical”.

  • “Essential” cookies are necessary for the proper functioning of the site;
  • “Analytical” cookies record data related to your visits to the Website in order to compile statistics and improve its performance and content. The website uses “Google Analytics” and “Google Tag Manager”. You may opt out of “Google Analytics” collection and storage of data by downloading an add-on module to your browser: tools.google.com/dlpage/gaoptout?hl=en.

Most browsers are automatically set to accept cookies. However, you can parameter your browser in order to be notified when a cookie is sent. For any further information about the use of cookies, we would like to refer you either to www.allaboutcookies.org or to the CNIL site (www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser).

Our Website may contain links to third party websites, and their very terms of use are not covered by our privacy policy. We recommend that you read their privacy policy and personal data protection.

9. Retention period

We retain most of your personal data for as long as you keep using our services. We do not retain your personal data beyond the time necessary for the purposes for which it was collected while taking into account applicable regulatory requirements such as accounting and tax obligations.

The cookies linked to the Website have a limited life span of thirteen (13) months after their first deposit within the user’s terminal equipment.

10. Data security

We take appropriate technical and organizational measures to ensure that your personal data are secured against data breaches. Your personal data is only accessible to those persons who need access to such data on a “need-to-know” and “least privilege” basis.

We use the following measures, among others:

  • cryptographic mechanisms such as the https encryption protocol using an SSL/TLS (Secure Sockets Layer) certificate;
  • access rights management (authorized person) according to the “need to know” and “least privilege” principles;
  • a backup policy.

No mechanism offers any absolute security, and there is always a degree of risk involved in using the Internet to convey personal data.

11. Recipients of your data

We may transfer your data to our subcontractors, who are also subject to our data protection policy, in charge of designing, maintaining, and securing our information and telecommunications systems.

We may convey your data to third parties in charge of our accounting and tax obligations. In some cases, the law requires us to communicate your personal data to third parties (public or judicial authorities), and this only at their express request.

12. Your rights

n accordance with the 2016/679 (EU) Regulation, known as “GDPR”, you have the following rights regarding your personal data: right to information, access, rectification, deletion (right to be forgotten), limitation of data portability, to object to a decision based exclusively on automated processing.

To exercise your rights, you can send your dated and signed request to our Data Protection Officer (DPO). In application of the “GDPR”, of the modified Data-processing law and Freedoms, in the event of reasonable doubt as to the identity of the person, the IRCAD may request additional necessary information includinga photocopy of an identity document bearing the signature of the holder, whenever the situation requires it.

By postal mail to:IRCAD
To the attention of: Data Protection Officer (DPO)
1 place de l’hôpital
67000 STRASBOURG
By email to: dpo@ircad.fr

 

As soon as we receive your complete request, we will respond within a maximum of 30 calendar days. You can also make a complaint to the Commission Nationale de l’Informatique et des Libertés (CNIL) at the following address:

Commission Nationale de l’Informatique et des Libertés
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07

13. Changes in our privacy policy

We may change this Privacy policy from time to time and you should regularly check this document or our Website www.ircad.fr to review any changes.

14. The main laws concerned

The 2016/679 (EU) Regulation of the European Parliament and of the Council as of April 27, 2016 (General Data Protection Regulation, or GDPR) on the protection of individuals with regard to the processing of personal data and the free movement of such data.

Law No. 78-17 as of January 6, 1978, as amended, relating to information technology, files and freedoms, consolidated version as of June 1, 2019; the Decree No. 2019-536 as of May 29, 2019 taken for the application of law No. 78-17 as of January 6, 1978.