Personal data protection
The personal data concept covers all information related to an individual who is identified or who may be identified, directly or indirectly, in particular with reference to an identifier (for example, a name or identification number) or to one or more elements specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
To this end, BRGM undertakes to respect Regulation (EU) 2016/679 of the European Parliament and Council of 27th April 2016 on the protection of natural persons with regards to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC, hereafter referred to as "GDPR", and the modified law n° 78-17 of 6th January 1978 on IT, files and liberties, hereafter referred to as "the Regulation".
This policy describes how BRGM collects, uses and manages personal data and the rights of the users concerned.
For any information about personal data protection, you may also consult the website of the French National IT and Liberties Commission.
1. Who should you contact if you have any questions about your personal data?
2. What types of personal data about you does BRGM collect?
Depending on the circumstances, BRGM is required to collect certain personal data, which is listed below:
- Identity information: surname, first name, age, photograph, gender, date and place of birth, nationality, identity document references.
- Contact information: professional and personal details.
- Information about your career path.
- IP addresses and connection data when you browse BRGM websites or access BRGM information systems.
- Data needed to carry out contracts.
- Data needed to manage event relations and communication, training, contact, promotion, investment and partnership operations.
3. For which reasons and for what purpose does the BRGM collect your personal data?
BRGM may be required to collect personal data about you, as a processing manager but also as a sub-contractor, to answer your requests, to comply with its legal and conventional obligations, to carry out a contract, for public interest reasons or for a legitimate interest.
BRGM collects personal data bout you where applicable via forms and contact pages, in particular to process online registrations, subscriptions to newsletters or publications, to collect comments and answer questions about BRGM's activities and the scientific and technical information it produces or circulates, statistical studies and surveys, when you consult websites, to provide access to data or software for download or for internal and external communications actions, such as communication event management and the organisation of training sessions, conferences and so on.
4. With whom does BRGM share your personal data?
BRGM is likely to transfer your personal data to service providers and/or sub-contractors, in particular to monitor how requests are processed, to run, improve or maintain its activities and services and to administer its sites.
5. Where is your personal data stored and processed?
Your personal data is processed where possible at BRGM, within the national territory or the European Union. To find out more, you may contact the data protection officer at the following address: firstname.lastname@example.org.
6. How long does BRGM keep your personal data?
BRGM only keeps your personal data for only the time strictly necessary for the purposes described above.
After this time or when requested by you, your personal data is erased from our active databases and is only kept as archives in order to provide evidence of a right or for the execution of a legal obligation or a contract.
In accordance with the archiving policy, at the end of the applicable conservation period:
- Your personal data is either deleted or destroyed in a secure way;
- Or your personal data is made strictly anonymous;
- Or your personal data is archived for records in the public interest, for historical purposes or for statistical purposes.
To find out more, you may contact the data protection officer at the following address: email@example.com.
7. What are your rights to your personal data?
You have rights to your personal data. In accordance with the Regulation, in particular articles 15 to 22 of the GDPR, and after justifying your identity, you have the right to request its access, correction or erasure.
In addition, within the limits placed by the law, you also have the right to oppose the processing and request the limitation of your personal data, decide how your personal data is used after your death and exercise the portability right for the personal data provided.
Caution: these rights are not absolute and remain limited. Any unfounded or abusive requests in particular with relation to the security imperatives, laws and regulations may be rejected.
To exercise these rights, you may contact the data protection officer at the following address: firstname.lastname@example.org.
In addition, where applicable you may withdraw your consent at any time. Withdrawal of consent does not compromise the legal nature of the processing based on the consent provided before this withdrawal.
8. How does BRGM secure your personal data?
BRGM ensures that your data is processed in complete security and confidentiality, including when certain operations are carried out by sub-contractors. To this end, BRGM information system security policy defines the appropriate technical and organisational measures to prevent the loss, improper use, alteration and deletion of your personal data. These measures are adapted according to the level of sensitivity of the personal data processed and according to the level of risk presented by its processing or implementation.
9. Can the BRGM develop this information document?
BRGM may develop this information document at any time, according to the development in processing techniques and tools in particular. We therefore recommend that you consult it regularly.
10. Commission nationale de l'informatique et des libertés (the French national IT and liberties commission, the "CNIL")
We would remind you that you can make a claim to the data protection officer (email@example.com) and, in the event of an unresolved dispute, to the CNIL, which is the independent administrative authority tasked with ensuring that the Regulation is respected in France. You may contact them directly at the website or by post to the following address: Commission nationale de l'informatique et des libertés, 3 Place de Fontenoy - TSA 80715, 75334 Paris Cedex 07.