Last updated : May 2022
“Personal Data”: means any information relating to an identified or identifiable natural person as defined by Regulation (EU) No. 2016/679 of 27 April 2016 and any subsequent equivalent regulation.
“Applicable Data Protection Laws” or “Applicable Law(s)”: means Regulation (EU) 2016/679 of 27 April 2016 (applicable since 25 May 2018), Law n°78-17 of 6 January 1978 relating to information technology, files and freedoms as amended by Law n°2004-801 of 6 August 2004 relating to the computerized processing of personal data, by the Law for a Digital Republic n°2016-1321 of 8 October 2016, the Law n°2018-493 of 20 June 2018 relating to the protection of personal data and any subsequent equivalent regulation, and/or any applicable law or regulation in force relating to Data protection.
“Third Country”: means any country outside the European Union which does not have adequate legislation concerning the Processing of Personal Data as decided by the European Commission.
“Data Controller”: Lyonbiopole – Association Loi de 1901 registered at the Registre des Associations du Tribunal judiciaire de Lyon, whose head office is bâtiment EKLAA, 63 avenue Tony Garnier, 69007 Lyon, France. SIRET n° 485 243 174 00029.
“Processing”: any operation or set of operations carried out or not by means of automated processes and applied to Personal Data or sets of Personal Data, such as, for example, the collection, recording, organisation, structuring, storage, communication by transmission, dissemination, retrieval, consultation of Personal Data and defined by Regulation (EU) No. 2016/679 of 27 April 2016 and any subsequent equivalent regulations.
“Subcontractor/Data Processor”: means the third party that processes Personal Data on behalf of the Controller.
“User of the Site”: means any person who connects to the Site and who uses or does not use the services available there. This person may be a member of Lyonbiopole.
The Controller undertakes to comply with the Applicable Laws in the context of the Processing of Personal Data carried out on the www.lyonbiopole.com website that it publishes (hereinafter referred to as the “Site”) and more generally in the context of any Processing carried out by the Data Controller.
The Personal Data collected via the Site are processed in a lawful, fair and transparent manner.
The Personal Data collected is adequate, relevant and limited to what is strictly necessary for the purposes of the Processing.
The Controller collects the Personal Data of the User of the Site for:
Legal basis of the Processing: Article 6 (1) f) of the GDPR: the Processing is necessary for the purposes of the legitimate interests pursued by Lyonbiopole.
Categories of Personal Data processed: Connection Data: IP addresses, event logs, etc.
Data Subject: The Users of the Site.
Automated decision making: The Processing does not involve automated decision-making.
It allows to:
Legal basis of the Processing: Article 6 (1) a) of the GDPR: the Data Subject has consented to the Processing of his/her Personal Data.
Category of Personal Data collected: Name; First name; Function; E-mail address and business telephone number of the Data Subject ; Photo.
Data Subject: Users of the Site wishing to join Lyonbiopole.
Automated decision making: The Processing does not involve automated decision-making.
The Personal Data collected for this purpose are collected in a mandatory way.
It allows to:
Legal basis of the Processing: Article 6 (1) a) of the GDPR: the Data Subject has consented to the Processing of his/her Personal Data
Category of Personal Data collected: E-mail address ; Name ; First name ; Entity ; Function ; Language.
Data Subject: Lyonbiopole members.
Automated decision making: The Processing does not involve automated decision-making.
It allows to:
Legal basis of the Processing: Article 6 (1) a) of the GDPR: the Data Subject has consented to the Processing of his/her Personal Data
Categories of Personal Data processed: E-mail address; Any information provided by the Data Subject (free fields).
Data Subject: Users.
Automated decision making: The Processing does not involve automated decision-making.The Processing does not involve automated decision-making.
The Personal Data collected for this purpose are collected in a mandatory way.
It allows to:
Legal basis of the Processing: Article 6 (1) a) of the GDPR: the Data Subject has consented to the Processing of his/her Personal Data
Categories of Personal Data processed: Identifier; Password.
Data Subjects: Users
Automated decision making: The Processing does not involve automated decision-making.
The Personal Data collected for this purpose are collected in a mandatory way.
It allows :
Legal basis of the Processing: Article 6 (1) a) of the GDPR: the Data Subject has consented to the Processing of his/her Personal Data.
Categories of Personal Data processed to create the applicant space: Name; First name; E-mail address and/or personal telephone number of the Data Subject ; Any information provided by the Data Subject (resume downloading). Only the name, the first name, the e-mail address and the telephone number of the Data Subject are collected on a mandatory basis.
Categories of Personal Data processed to create the recruiter space: Name; First name; E-mail address and/or personal telephone number of the Data Subject; Any information provided by the Data Subject (resume downloading). The Personal Data collected for this purpose are collected in a mandatory way.
Data Subjects: Users
Automated decision making: The Processing does not involve automated decision-making.
Il allows :
Legal basis of the Processing: Article 6 (1) a) of the GDPR: the Data Subject has consented to the Processing of his/her Personal Data.
Categories of Personal Data processed: Name ; First name ; E-mail address and telephone number of the Data Subject ; Title / Function ; Field of expertise of the Data Subject.
Data Subjects: Members of the project leader company ; Members of consortium entities that have joined Lyonbipôle ; Members of consortium entities that have not joined Lyonbiopole. The Personal Data collected for this purpose are not collected via the Site.
Automated decision making: The Processing does not involve automated decision-making.
The Controller shall keep the information and Personal Data for the maximum legal or regulatory period applicable according to the purpose of the Processing:
The Controller undertakes to:
The Controller shall not be liable for any security incidents related to the use of the Internet, in particular in the event of loss, alteration, destruction, disclosure or unauthorised access to the User’s data or information.
The User of the Site accepts that the Personal Data concerning him/her collected by the Controller may be transmitted to the Subcontractors/Processors with whom he/she has a contractual relationship for the sole purpose of carrying out the aforementioned purposes, provided that these third parties recipients of the Personal Data are subject to a regulation guaranteeing an appropriate and adequate level of protection as defined by the Applicable Law.
By using the JobBoard, Users applicants expressly accept that the Controller transmits their resume and their Personal Data related to their application to the recruiter via the dedicated space on the Site.
The User of the Site gives his consent to the collection and Processing of his Personal Data by ticking the appropriate boxes on the Site.
The following rights are guaranteed by the Controller to the User of the Site: right of access, rectification, deletion and opposition, right to the restriction of the Processing, right to data portabilitý, right not to be subject to an automated individual decision-making (including profiling).
The User of the Site may obtain a copy of his Personal Data, upon written request to the Controller.
By sending a written request, and at any time, the User of the Site can obtain a correction or a deletion of his Personal Data.
All requests should be sent in writing to the following address: dpo@lyonbiopole.com
At any time, the User of the Site may lodge a complaint with a national data protection authority, if he considers that his rights have not been respected by the Data Controller.
The Controller undertakes to implement:
(a) physical security measures to prevent access to Personal Data by unauthorised persons,
(b) identity and access controls via an authentication system and password policy,
(c) processes and devices enabling the tracing of all actions carried out on its information system and to carry out, in accordance with the Regulations, reporting actions in the event of an incident affecting Personal Data.
Thus, in terms of computer security, the Controller endeavours to apply the recommendations made by the CNIL in this area: password policy coupled with a second authentication, regular modification of passwords, etc.
When the Applicable Laws so provide, the Controller shall notify the User of the Site and the competent supervisory authority of any breach of Personal Data within a maximum of 72 hours of becoming aware of it by electronic mail to the email address at its disposal. This notification shall be accompanied by any useful documentation.
The Controller shall establish and retain the necessary documentation to demonstrate compliance with all its obligations under Applicable Laws.
In the event of the transfer of all or part of the Personal Data subject to Processing to a Third Country, i.e. one located outside the European Union or which does not present a level of protection recognised as adequate within the meaning of the Applicable Laws, or to an international organisation, the Controller undertakes to provide the appropriate safeguards provided for within the Applicable Laws and to ensure that they are respected by its Subcontractors.
Under no circumstances shall the Controller sell, rent or use the Personal Data it receives for any purpose other than those specified. The disclosure of Personal Data to third parties is carried out by the Controller only for the purposes of carrying out the purposes and to third parties with the status of Subcontractors under the conditions referred to herein.
The Controller regularly updates this Privacy Policy, which remains available on the Site at all times.
The Site may contain social network icons allowing you to express opinions or share content on these social networks (“share” or “like” buttons).
The Data Controller shall not be held responsible for the content shared on these social networks.
Browsing the Site may cause cookies to be installed on the User’s terminal. When you connect to the Site, you are asked to configure your choices regarding cookies.
A cookie is a small text file, deposited on your terminal, via the Internet browser, for example when visiting a site, reading an email, installing software, etc.
A cookie does not allow the identification of the User but records information relating to his navigation.
The different types of cookies and their purposes:
These cookies record information relating to the User’s browsing habits on the Site but also outside the Site. These cookies are not essential to the proper functioning of the Site and can therefore be deactivated. However, refusing this type of cookies will not prevent the display of advertisements on the Site or on the Internet in general. These advertisements will simply not take into account the interests and preferences of the User.
The Controller stores the cookies listed above, subject to the consent and settings of the User, for a maximum period of 13 months.
When connecting to the Site, the User is invited to configure his cookie preferences. He may modify his choices at any time. However, the setting of cookies is likely to have effects on the User’s browsing on the Site. It is therefore advisable to set the parameters of cookies according to their respective purposes.
Bâtiment EKLAA – 1er étage
63 avenue Tony Garnier 69007 LYON