Privacy policy

Purpose and scope of the Policy

The Inserm Foundation attaches the utmost importance and care to the protection of privacy and personal data, and to compliance with the provisions of the applicable Legislation.

Regulation (EU) 2016/679 of April 27, 2016 on the protection of individuals with regard to the Processing of personal data and on the free movement of such data (hereinafter “RGPD”) affirms that personal data must be processed lawfully, fairly, and transparently. Thus, this privacy policy (hereinafter the “Policy”) aims to provide you with simple, clear information on the Processing of personal data concerning you, as part of your browsing on the Inserm Foundation website.

Data Controller

In the context of your activity on the www.fondation-inserm.org website, on the donation forms, on the donor space, and according to the various interactions you may have with the Inserm Foundation, we collect and use personal data relating to you, individuals (hereinafter referred to as the “Data Subject”).

For all Processing, the Inserm Foundation determines the means and purposes of the Processing. As such, we act as a Data Controller, within the meaning of the Regulations relating to personal data, and in particular Regulation (EU) 2016/679 on the protection of individuals with regard to the Processing of personal data and on the free movement of such data. If you have any questions or complaints regarding the Inserm Foundation’s compliance with this Policy, our DPO is here to answer all your requests, in particular to exercise your rights under the LIL and the RGPD, relating to your personal data. You can reach him by e-mail at the following address: dpo@inserm.fr

What personal data do we collect and how?

When you use our website (subscribe to news, make a donation, request information), you provide us with a certain amount of information about yourself, some of which can be used to identify you (“personal data”). This is the case when you browse our site and fill in online forms.

The nature and quality of the personal data collected about you vary according to the relationship you have with the Inserm Foundation, the main ones being :

  • Identification data: this includes any information that would enable us to identify you, such as your surname, first name, telephone number, date of birth, nationality and professional status. We may also collect your e-mail address, as well as your postal address (the postal address is required to issue a tax receipt in the event of a request following a donation).
  • Connection data: this is all the information we need to access your personal account, such as password, and other information required for authentication and access to a donor area account. We also collect your IP address for maintenance and statistical purposes.
  • Financial data: this corresponds to bank details such as your bank details. We do not store your credit card details when you make a donation on a form.
  • Browsing information: when you browse our website, you interact with it. As a result, certain information relating to your browsing is collected.
  • Data collected from Third Parties: personal data that you have agreed to share with us or on publicly accessible social networks and/or that we may collect from other publicly accessible databases.

Do we share your personal data?

Your data is intended for use by authorized Inserm Foundation employees in charge of managing and executing contracts and legal obligations, depending on the purpose of the data collection and within the limits of their respective responsibilities.

It may be passed on to the following recipients for certain tasks related to the purposes, and within the limits of their respective missions and authorizations:

  • Service providers and subcontractors we use to carry out a range of operations and tasks on our behalf:
    • For hosting the website and donation forms
    • For hosting our database
    • For processing tax receipts
  • Charitable partners (for the exchange of your data with other charities) or commercial partners of the Inserm Foundation (for marketing operations) only when you have expressly consented to this via a checkbox present on our donation collection forms;
  • Duly authorized public authorities (judicial, supervisory, etc.), as part of our legal and regulatory obligations;

When your data is communicated to our service providers and subcontractors, we also ask them not to use the data for purposes other than those originally intended. We make every effort to ensure that these third parties maintain the confidentiality and security of your data.

In all cases, only the necessary data is provided. We make every effort to ensure the secure communication or transmission of your data.
We do not sell your data.

Are your personal data transferred to third countries?

The Inserm Foundation endeavours to store personal data in France, or at least within the European Economic Area (EEA).

However, it is possible that the data we collect when you use our platform or as part of our services may be transferred to other countries. This is the case, for example, if some of our service providers are located outside the European Economic Area.

In the event of a Transfer of this type, we guarantee that it will be carried out :

  • To a country offering an adequate level of protection, i.e. a level of protection equivalent to that required by European regulations;
  • Within the framework of standard contractual clauses ;
  • Within the framework of internal company rules.

How long do we keep your personal data?

We retain your personal data only for as long as is necessary to fulfil the purpose for which we hold the data, to meet your needs or to comply with our legal obligations.

Shelf lives vary depending on a number of factors, such as :

  • The needs of the Inserm Foundation’s activities;
  • Contractual requirements ;
  • Legal obligations ;
  • Recommendations from supervisory authorities.

How do we guarantee the security of your personal data?

The Inserm Foundation undertakes to protect the personal data that we collect, or that we process, against loss, destruction, alteration, unauthorized access or disclosure.

We implement all appropriate technical and organizational measures, depending on the nature of the data and the risks involved in processing it. These measures must preserve the security and confidentiality of your personal data.

What are your rights?

In accordance with the RGPD and the LIL law,

  • the right to access your personal information in order to verify its accuracy and, if necessary, to rectify, complete or update it.
  • a right of opposition: the right to object at any time to the transmission of your data and to have your data collected no longer in the future. Exercising your right to object must not affect the lawfulness of any processing previously carried out. Exercising this right may result in your donation being rejected by Inserm, as we would be unable to process it.
  • the right to limit data processing: the right to temporarily block the use of your data: no operations may be performed on it.

If you wish to exercise these rights and obtain information about your personal data, please contact the data controller (Fondation Inserm, 2 – 10 rue d’Oradour-sur-glane75015 Paris or by e-mail fondation.contact@inserm.fr).

If you have any difficulty in exercising your rights, you can also contact Inserm’s Data Protection Officer by e-mail(dpo@inserm.fr).

You also have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés – CNIL – the French personal data protection authority, 3 Place de Fontenoy – TSA 80715, 75334 PARIS CEDEX 07 or online at https://www.cnil.fr.

Updating this Policy

This Policy may be updated from time to time to take account of changes in regulations relating to personal data.