Lyonbiopole privacy policy

Last updated: October 2023

 

DEFINITIONS

 

“Personal Data”: means any information relating to an identified or identifiable natural person as defined by Regulation (EU) No. 2016/679 of 27 April 2016 and any subsequent equivalent regulation.

 

“Applicable Data Protection Laws” or “Applicable Law(s)”: means Regulation (EU) 2016/679 of 27 April 2016 (applicable since 25 May 2018), Law n°78-17 of 6 January 1978 relating to information technology, files and freedoms as amended by Law n°2004-801 of 6 August 2004 relating to the computerized processing of personal data, by the Law for a Digital Republic n°2016-1321 of 8 October 2016, the Law n°2018-493 of 20 June 2018 relating to the protection of personal data and any subsequent equivalent regulation, and/or any applicable law or regulation in force relating to Data protection.

 

“Third Country”: means any country outside the European Union which does not have adequate legislation concerning the Processing of Personal Data as decided by the European Commission.

 

“Controller”: Lyonbiopôle – Association Loi de 1901 registered at the Registre des Associations du Tribunal judiciaire de Lyon, whose head office is bâtiment EKLAA, 63 avenue Tony Garnier, 69007 Lyon, France. SIRET n° 485 243 174 00029.

 

“Processing”: means any operation or set of operations, whether or not carried out by automated means, applied to Personal Data or sets of Personal Data, such as, for example, the collection, recording, organisation, structuring, storage, communication by transmission, dissemination, retrieval or consultation of Personal Data, as defined by Regulation (EU) No. 2016/679 of 27 April 2016 and any subsequent equivalent regulations.

 

“Subcontractor/Processor”: means the third party that processes Personal Data on behalf of the Controller.

 

“User of the Site”: means any person who connects to the Site and who uses or does not use the services available there. This person may be a member of Lyonbiopôle.

The Controller undertakes to comply with the Applicable Laws in the context of the Processing of Personal Data carried out on the www.lyonbiopole.com website that it publishes (hereinafter referred to as the “Site”) and more generally in the context of any Processing carried out by the Data Controller.

 

The Personal Data collected via the Site are processed in a lawful, fair and transparent manner.

 

The Personal Data collected is adequate, relevant and limited to what is strictly necessary for the purposes of the Processing.

 

1. Purposes of the Processing of Personal Data

 

a) Processing No. 1: the purpose of the Processing is to manage the Site.

 

The Controller collects the Personal Data of the User of the Site for:

  • Preparation and publication of contents;
  • Technical administration of the Site in collaboration with the technical service providers (hosting, domain name registrar, etc.);
  • Site security management (security equipment and logs);
  • To compile statistics on visits to the Site.

 

Legal basis of the Processing:

Article 6 (1) f) of the GDPR: the Processing is necessary for the purposes of the legitimate interests pursued by Lyonbiopôle.

 

Categories of Personal Data processed:

Connection Data: IP addresses, event logs, etc.

 

Data Subject:

The Users of the Site.

 

Automated decision making:

The Processing does not involve automated decision-making.

 

b) Processing No. 2: The purpose of the Processing is to respond to a User’s request made via the “Become a Member” tab on the Site

 

It makes it possible to:

  • Manage membership applications to Lyonbiopôle;
  • Publish contact information that is only visible to other Lyonbiopôle members.

 

Legal basis of the Processing:

Article 6 (1) a) of the GDPR: the Data Subject has consented to the Processing of his/her Personal Data.

 

Category of Personal Data collected:

  • Name;
  • First name;
  • Function;
  • E-mail address and business telephone number of the Data Subject ;
  • Photo.

 

Data Subject:

Users of the Site wishing to join Lyonbiopôle.

 

The Personal Data collected for this purpose are collected in a mandatory way.

Automated decision making:

The Processing does not involve automated decision-making.

 

c) Processing No. 3: The purpose of the Processing is to send the Newsletters or information emails regarding news from Lyonbiopôle

 

It makes it possible to:

  • Send the Newsletters or any information email to Lyonbiopôle members;
  • Address subsequent communications.

 

Legal basis of the Processing:

Article 6 (1) a) of the GDPR: the Data Subject has consented to the Processing of his/her Personal Data

 

Category of Personal Data collected:

  • E-mail address ;
  • Name ;
  • First name ;
  • Entity ;
  • Function ;
  • Language.

 

Data Subject:

Lyonbiopôle members.

 

Automated decision making:

The Processing does not involve automated decision-making.

 

d) Processing No. 4: The purpose of the Processing is to respond to a User’s request made via the “Contact us” tab on the Site

 

It makes it possible to:

Reply to a request sent directly by email to Lyonbiopôle

 

Legal basis of the Processing

Article 6 (1) a) of the GDPR: the Data Subject has consented to the Processing of his/her Personal Data

 

Categories of Personal Data processed:

  • E-mail address;
  • Any information provided by the Data Subject (free fields).

 

Data Subject:

Users. The Personal Data collected for this purpose are collected in a mandatory way.

 

Automated decision making:

The Processing does not involve automated decision-making.

 

e) Processing No. 5: The purpose of the Processing is to provide the User with the “Member area” section of the Site

 

It makes it possible to:

Give the User access to his Lyonbiopôle account as a member of Lyonbiopôle and to all the services present on the account.

 

Legal basis of the Processing

Article 6 (1) a) of the GDPR: the Data Subject has consented to the Processing of his/her Personal Data

 

Categories of Personal Data processed:

  • Identifier;
  • Password.

 

Data Subjects:

Users. The Personal Data collected for this purpose are collected in a mandatory way.

 

Automated decision making:
The Processing does not involve automated decision-making.

 

f) Processing No. 6: The purpose of the Processing is to provide the User with the “JOB BOARD” space

 

It allows:

The User to create a personal space (applicant space or recruiter space) to use the “JOB BOARD” space.

 

Legal basis of the Processing
Article 6 (1) a) of the GDPR: the Data Subject has consented to the Processing of his/her Personal Data.

 

Categories of Personal Data processed to create the applicant space:

  • Name;
  • First name;
  • E-mail address and/or personal telephone number of the Data Subject ;
  • Any information provided by the Data Subject (resume downloading).

Only the name, the first name, the e-mail address and the telephone number of the Data Subject are collected on a mandatory basis.

 

Categories of Personal Data processed to create the recruiter space:

  • Name;
  • First name;
  • E-mail address and/or personal telephone number of the Data Subject;
  • Any information provided by the Data Subject (resume downloading).

The Personal Data collected for this purpose are collected in a mandatory way.

 

Data Subjects:

Users

 

Automated decision making:

The Processing does not involve automated decision-making.

 

g) Processing No. 7: The purpose of the Processing is to support innovative projects

 

It makes it possible to:

Assist a company or a consortium, whose project leader is a member of Lyonbiopôle, to respond to calls for proposals in order to obtain funding from public entities.

 

Legal basis of the Processing
Article 6 (1) a) of the GDPR: the Data Subject has consented to the Processing of his/her Personal Data.

 

Categories of Personal Data processed:

  • Name ;
  • First name ;
  • E-mail address and telephone number of the Data Subject ;
  • Title / Function;
  • Field of expertise of the Data Subject.

 

Data Subjects:

  • Members of the project leader company ;
  • Members of consortium entities that have joined Lyonbiopôle;
  • Members of consortium entities that have not joined Lyonbiopôle.

The Personal Data collected for this purpose are not collected via the Site.

 

Automated decision making:

The Processing does not involve automated decision-making.

 

h) Processing No. 8: The purpose of the Processing is to register a Data subject for an event organised by LYONBIOPOLE

 

It makes it possible to:

Register a person on the list of participants in an event and put them in contact with any event partners.

 

Legal basis of the Processing

Article 6 (1) b) of the GDPR: the Data Subject has accepted the general conditions related to the event.

 

Categories of Personal Data processed:

  • Last name;
  • First name;
  • E-mail address and telephone number of the Data Subject;
  • Field of activity;
  • Type of organization.

 

Data Subjects:

Anyone wishing to register for an event. The Personal Data collected for this purpose are collected in a mandatory way.

 

Automated decision making:

The Processing does not involve automated decision-making.

 

2. Duration of retention of Personal Data

 

The Controller shall keep the information and Personal Data for the maximum legal or regulatory period applicable according to the purpose of the Processing:

  • The Personal Data collected following a request made on the Site (except for members) are kept for a maximum period of three years from the last contact from the Data Subject;
  • The Personal Data collected for the sending of the Newsletter are kept as long as the person does not unsubscribe;
  • The Personal Data collected for the membership application to Lyonbiopôle are kept for the duration of the membership plus five years after the end of the membership;
  • The Personal Data collected for the JobBoard are kept for the duration of use of the space by Users. They can delete their space at any time;
  • Users’ resumes will be published and thus kept for two months (renewable once by the User);
  • The Personal Data relating to connection logs are kept for six months;
  • The Personal Data necessary for the production of statistics on the audience and use of online services are kept in a format that does not allow the identification of persons by their IP address ;
  • The Personal Data collected to support innovative projects are kept for the duration of the contract between Lyonbiopôle and these entities and for ten years from the end of the contractual relationship for communication purposes.
  • The Personal Data collected to register for an event are kept for the duration of the event.

3. Commitment of the Controller

 

The Controller undertakes to:

  • process Personal Data only for the purposes described above,
  • process Personal Data in accordance with Applicable Laws,
  • in case of transfer of Personal Data to a Third Country or to an international organisation, inform the User beforehand,
  • guarantee the confidentiality of Personal Data by taking all appropriate technical and organisational measures to (i) prevent access to Personal Data by unauthorised persons, (ii) carry out identity and access controls via an authentication system and a password policy, (iii) opt for an authorisation management system, and (iv) implement processes and devices enabling all actions carried out on its information system to be traced and, in accordance with the Applicable Laws, reporting actions to be carried out in the event of an incident impacting the Personal Data,
  • ensure that persons who are authorised to process Personal Data have committed themselves to confidentiality or are under an obligation of confidentiality and receive the necessary training on the protection of Personal Data,
  • take into account, with regard to its tools, applications or services, the principles of Data protection by design,
  • delete, anonymise or archive Personal Data at the end of the retention period.

The Controller shall not be liable for any security incidents related to the use of the Internet, in particular in the event of loss, alteration, destruction, disclosure or unauthorised access to the User’s data or information.

As part of the organisation of events, the Data Subject is informed that his or her Personal Data may be transmitted to the event’s partners.

 

4. Subcontractors/Processors/Recipients

 

The User of the Site accepts that the Personal Data concerning him/her collected by the Controller may be transmitted to the Subcontractors/Processors with whom he/she has a contractual relationship for the sole purpose of carrying out the aforementioned purposes, provided that these third-party recipients of the Personal Data are subject to a regulation guaranteeing an appropriate and adequate level of protection as defined by the Applicable Law.

 

By using the JobBoard, applicant Users expressly accept that the Controller transmits their resume and their Personal Data related to their application to the recruiter via the dedicated space on the Site.

 

5. Exercise of the rights of the User of the Site and collection of consent

 

The User of the Site gives his consent to the collection and Processing of his Personal Data by ticking the appropriate boxes on the Site.

 

The following rights are guaranteed by the Controller to the User of the Site: right of access, rectification, deletion and opposition, right to the restriction of the Processing, right to data portability, right not to be subject to automated individual decision-making (including profiling).

 

The User of the Site may obtain a copy of his Personal Data, upon written request to the Controller.

 

By sending a written request, and at any time, the User of the Site can obtain a correction or a deletion of his Personal Data.

 

All requests should be sent in writing to the following address: dpo@lyonbiopole.com

 

At any time, the User of the Site may lodge a complaint with a national data protection authority, if he considers that his rights have not been respected by the Data Controller.

 

6. Security and confidentiality of Personal Data – Notification

 

The Controller undertakes to implement:

  1. physical security measures to prevent access to Personal Data by unauthorised persons,
  2. identity and access controls via an authentication system and password policy,
  3. processes and devices enabling all actions carried out on its information system to be traced and, in accordance with the Regulations, reporting actions to be carried out in the event of an incident affecting Personal Data.

Thus, in terms of computer security, the Controller endeavours to apply the recommendations made by the CNIL in this area: password policy coupled with a second authentication, regular modification of passwords, etc.

 

When the Applicable Laws so provide, the Controller shall notify the User of the Site and the competent supervisory authority of any breach of Personal Data within a maximum of 72 hours of becoming aware of it by electronic mail to the email address at its disposal. This notification shall be accompanied by any useful documentation.

 

7. Documentation

 

The Controller shall establish and retain the necessary documentation to demonstrate compliance with all its obligations under Applicable Laws.

 

8. Transfer

 

In the event of the transfer of all or part of the Personal Data subject to Processing to a Third Country, i.e. one located outside the European Union or which does not present a level of protection recognised as adequate within the meaning of the Applicable Laws, or to an international organisation, the Controller undertakes to provide the appropriate safeguards provided for within the Applicable Laws and to ensure that they are respected by its Subcontractors.

 

Under no circumstances shall the Controller sell, rent or use the Personal Data it receives for any purpose other than those specified. The disclosure of Personal Data to third parties is carried out by the Controller only for the purposes of carrying out the purposes and to third parties with the status of Subcontractors under the conditions referred to herein.

 

9. Update of the Privacy Policy

 

The Controller regularly updates this Privacy Policy, which remains available on the Site at all times.

 

10. Social networks

 

The Site may contain social network icons allowing you to express opinions or share content on these social networks (“share” or “like” buttons). The Data Controller shall not be held responsible for the content shared on these social networks.

 

11. Cookies

 

Browsing the Site may cause cookies to be installed on the User’s terminal. When you connect to the Site, you are asked to configure your choices regarding cookies.

 

a. Definition

A cookie is a small text file, deposited on your terminal, via the Internet browser, for example when visiting a site, reading an email, installing software, etc.

 

A cookie does not allow the identification of the User but records information relating to his navigation.

 

b. Types of cookies used

 

The different types of cookies and their purposes:

  • When you visit the Site, the Controller deposits cookies on your terminal in order to simplify and improve your browsing on the Site and to personalise the services offered to you under the conditions defined below.
  • Necessary cookies: these are those strictly necessary for the proper functioning of the Site (for example: identification and connection to your Lyonbiopôle account). These cookies contribute to the technical functioning of the Site and cannot be deactivated.
  • Functional cookies: these cookies make it possible to improve browsing on the Site and in particular to make browsing more fluid and personalised without being essential to the proper functioning of the Site (for example: memorising connection information to the Site if necessary).
  • Analytical cookies or audience measurement: these cookies enable the Controller to know the use and performance of the Site and to improve its functioning (for example, the most visited pages of the Site, searches carried out by Users, etc.).
  • Advertising cookies: these cookies allow the User to be offered advertisements adapted to his or her interests on the Site or other sites when browsing the Internet.

These cookies record information relating to the User’s browsing habits on the Site but also outside the Site. These cookies are not essential to the proper functioning of the Site and can therefore be deactivated. However, refusing this type of cookies will not prevent the display of advertisements on the Site or on the Internet in general. These advertisements will simply not take into account the interests and preferences of the User.

 

c. Cookie retention time

 

The Controller stores the cookies listed above, subject to the consent and settings of the User, for a maximum period of 13 months.

 

d. Cookie settings

 

When connecting to the Site, the User is invited to configure his cookie preferences. He may modify his choices at any time. However, the setting of cookies is likely to have effects on the User’s browsing on the Site. It is therefore advisable to set the parameters of cookies according to their respective purposes.

 

Contact us

 

Bâtiment EKLAA – 1er étage

63 avenue Tony Garnier 69007 LYON

dpo@lyonbiopole.com