Privacy & Data protection

This website uses Matomo, a web analytics tool that is GDPR compliant. No third-party cookies are stored on your device, but it still allows us to track activity on our website, including the members area.
If you want to disallow this tracking completely for your current browsing device, you can change your settings here:

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

The tracking opt-out feature requires cookies to be enabled.

The address of our website is: https://www.ern-eye.eu/

In the course of its activities, the editor of this website is required to process personal data.

This Privacy Policy and Personal Data Protection (PP/PDP) provides the information necessary to understand the various processing activities that the editor undertakes to fulfill its missions and provide the most suitable services to users of the website.

Article 1 – Definitions:

• Website: Refers to all components and content of this website.
• User, data subject: Refers to any natural person who uses the website or one of its services, and whose personal data is subject to processing, the purpose and means of which have been defined by the data controller.
• Editor, data controller: Refers to the editor of the website and the controller of personal data processing. It refers to the representative of the public establishment mentioned above.
• Joint Data Controllers or Co-Controllers: This refers to the scenario where two or more data controllers jointly determine the purposes and means of processing.
• Processor: Refers to a natural or legal person, public authority processing personal data on behalf of a data controller.
• Personal data: Any information relating to an identified or identifiable natural person, directly or indirectly, including by reference to a name, an identification number, location data, or one or more specific elements specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
• Processing: Any operation or set of operations carried out with or without automated processes and applied to personal data or sets of personal data.
• Personal data breach: Any destruction, loss, alteration, disclosure, unavailability, or unauthorized access to personal data, whether accidental or unlawful.

Article 2 – Purpose:

This Privacy Policy and Personal Data Protection (PP/PDP) is designed to provide information necessary to understand the various processing activities that the editor carries out to fulfill its missions and provide the most suitable services to website users.

Article 3 – Scope:

This Privacy Policy and Personal Data Protection concerns any natural person related to the editor, as a client, prospect, legal representative, or effective beneficiary of a legal entity.

Article 4 – Identity and Contact Details of the Data Controller:

The data controller is as follows:

ERN-EYE
1 Pl. de l’Hôpital
Bâtiment 2
67000 Strasbourg
Tél. : 03 88 11 67 55
Courriel : contact@ern-eye.eu

Article 5 – Contact Details of the Data Protection Officer (DPO):

The editor has appointed a Data Protection Officer, and their contact details are [not provided].

Article 6 – Purposes of the Implemented Processes:

This website performs the following processes:

Contact or Information Request

Processing – Contact, Information, or Appointment Request:

• Objective and Purpose: To collect a request on a specific subject to connect the requester with a ERN-EYE collaborator capable of addressing the request.
• Legal Basis: Article 6 of the Data Protection Act, Article 23 of the Artisan Code (France).
• Categories of Personal Data Collected: Identity, contact information.
• Categories of Persons Concerned: General public.
• Operations Performed on Personal Data: Collection, recording, storage, consultation, use, transmission, deletion.
• Recipients of Personal Data: ERN-EYE collaborators.
• Retention Period: 2 years.

Members area and members list

Processing – List of all our members, access to our members area:

• Objective and Purpose: Establish a list of our members for informational purposes for patients and healthcare professionals; enable access to certain documents reserved for our members.
• Legal Basis: Article 6 of the Data Protection Act, Article 23 of the Artisan Code.
• Categories of Personal Data Collected: Identity, address, contact information, professional activity.
• Categories of Persons Concerned: General public and ERN-EYE members.
• Operations Performed on Personal Data: Collection, recording, storage, consultation, use, transmission, export, deletion.
• Recipients of Personal Data: ERN-EYE collaborators and some ERN-EYE members.
• Retention Period: as long as the website is active.

Article 7 – Information Obligation:

When you refuse to provide personal data that is mandatory by a legal or regulatory origin and/or necessary for the performance of an editor’s service, the editor may refuse the request and/or terminate the contractual relationship. Therefore, ERN-EYE informs the data subjects of all necessary information for the execution of the service on the medium collecting such information.

Article 8 – Retention and Communication of Personal Data:

User personal data is kept for the duration of the applicable legal prescription and/or conservation and archiving imposed by current regulations. In accordance with Article 5-d of the GDPR, the editor refrains from keeping, using, and communicating personal data when it is inaccurate, incomplete, ambiguous, or outdated.

The editor does not disclose user personal data to third parties, except if:

• The user requests or authorizes the disclosure.
• The editor is compelled by a governmental authority or regulatory body, in the case of a court order, subpoena, or any other similar governmental or judicial requirement, or to establish or defend a legal claim.

No user’s personal data is published without their knowledge, exchanged, transferred, assigned, rented, or sold on any medium to third parties, including for marketing purposes, except for legal or contractual obligations.

Article 9 – Transfer of Personal Data Outside the European Union:

Personal data may be communicated to subcontractors established in a country outside the European Union. These entities carry out, on behalf of the editor, certain technical and material tasks essential to the operation of the technical device, associated services, and for the processing purposes described above.

This transfer is framed by appropriate security and control measures. In some cases, these subcontractors may be located in countries that do not have an adequacy decision by the European Commission. The transfers of data to these subcontractors are framed by standard contracts conforming to the model developed by the European Commission.

Details of these rules and information regarding the transfer are available upon request to the DPO at the coordinates indicated in Article 5.

Article 10 – Storage and Security of Personal Data:

The editor ensures that personal data is stored and secured by the following subcontractors/co-contractors:

• Com6
• Com6 interactive

The editor undertakes to ensure that its subcontractors and co-contractors listed above:

• Comply with the provisions of the GDPR and the “Informatique et Libertés” law (France).
• Provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures for the protection of personal data.
• Have signed a contract framing the commitments relating to the protection of personal data.
• Have a Data Processing Agreement (DPA) properly executed.

When processing personal data, the editor, its subcontractors, and potential co-contractors take all reasonable measures to protect them against any loss, misuse, unauthorized access, disclosure, alteration, or destruction. In the context of personal data breach notification procedures provided for by French and European legislation, if the editor becomes aware of a security breach, it undertakes to notify the concerned user so that they can take appropriate measures.

Article 11 – Registers of Personal Data:

The editor meets its obligation of transparency and traceability by keeping written records of all categories of activities performed.

Article 12 – Rights of Data Subjects:

In accordance with current French and European regulations, the user has the following rights:

• Right of access, rectification, updating, completeness of data.
• Right to lock or erase personal data.
• Right to withdraw consent at any time.
• Right to limit processing and possible opposition to the processing of data.
• Right to the portability of data that the user has provided.

The rights mentioned in this paragraph are exercised with the DPO by a written request accompanied by a valid proof of identity, at the coordinates indicated in Article 5. When processing is based on the user’s consent, such consent can be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before such withdrawal.