– On how their personal data is collected. Any information that can be used to identify a user is considered personal data. For this reason, it can be: his name and surname, his age, his postal or email address, his location or his IP address (non-exhaustive list);
– On the rights they have regarding this data;
– About the person responsible for processing the personal data collected and processed;
– On the recipients of this personal data;
This policy completes the legal notice and the General Conditions of Use which can be consulted by users by clicking here.
1- Principles for the collection and processing of personal data
In accordance with Article 5 of the European Regulation 2016/679, personal data are:
– Processed in a lawful, fair and transparent manner with regard to the data subject;
– Collected for specified, explicit and legitimate purposes (see Article 3.1 hereof) and may not be further processed in a manner incompatible with those purposes;
– Adequate, relevant and limited to what is necessary for the purposes for which they are processed;
– Accurate and, if necessary, kept up to date. All reasonable steps must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
– Kept in a form that permits identification of the data subjects for no longer than is necessary for the purposes for which they are processed;
– Processed in such a way as to ensure appropriate security of the data collected, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Processing is lawful only if, and to the extent that, at least one of the following conditions is met:
– The data subject has consented to the processing of his/her personal data for one or more specific purposes;
– The processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject;
– The processing is necessary to comply with a legal obligation to which the controller is subject;
– The processing is necessary to protect the vital interests of the data subject or another natural person;
– The processing is necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller;
– The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.
2- Personal data collected and processed in the context of navigation on the site
The personal data collected on our donors and/or alumni are recorded in a computerized file by the ISAE-SUPAERO Foundation. It is intended for use by the fundraising departments (development office and administration) solely for the purposes of internal management of donations, answering questions expressed, our appeals for generosity or the sending of our communications in order to keep you informed of our activity, and in particular :
- Management of contact requests
– Data : Name / First name / Tel / E-mail address / City
– Legal basis: consent
- Management of the application file
– Data : Name / First name / Date of birth / Mailing address / E-mail address / Phone number / Diplomas / Covering letters / Scholarship status / Family situation / Photo
– Legal basis: Performance of the contract (pre-contractual measures)
- Subscribe to the newsletter
– Data : Name / First name / E-mail address
– Legal basis: consent
- Donation management
– Data: Name / First name / E-mail address / Mailing address / Telephone number / Promotion and degree
– Legal basis: legitimate interest (issuing tax receipts)
- Navigation on the ISAE-SUPAERO Foundation website
– Data : none
The ISAE-SUPAERO Foundation website is hosted by : HOSTINGER
The CRM used for data storage is Eudonet.
3- Data controller and data protection officer
The data controller
Personal data are collected by the ISAE-SUPAERO Foundation, which is recognized as being of public utility.
The person responsible for processing personal data can be contacted via the address: firstname.lastname@example.org
4- User’s rights regarding data collection and processing
Any user concerned by the processing of their personal data may avail themselves of the following rights, pursuant to the European Regulation 2016/679 and the Data Protection Act (Law 78-17 of 6 January 1978):
– Right of access, rectification and right to erasure of data (laid down in Articles 15, 16 and 17 of the GDPR respectively);
– Right to data portability (Article 20 of the GDPR);
– Right to limit (Article 18 of the GDPR) and object to data processing (Article 21 of the GDPR);
– Right not to be subjected to a decision based exclusively on an automated process;
– Right to determine the fate of data after death;
– Right to refer to the competent supervisory authority (Article 77 of the GDPR).
To exercise your rights, please send your request to email@example.com
In order for the data controller to process the user’s request, the user may be required to provide certain information such as: first and last names, e-mail address, and account, personal space or subscriber number.
Consult the cnil.fr website for more information on your rights.
The publisher of the ISAE-SUPAERO Foundation site reserves the right to modify the present Policy at any time in order to ensure that the users of the site comply with the law in force.
Any changes will not affect previous purchases made on the site, which will remain subject to the Policy in effect at the time of purchase and as accepted by the user at the time of purchase.
The user is invited to take note of this Policy each time he/she uses our services, without the need to formally notify him/her.
This policy was issued in July 2022