This Privacy Policy (hereinafter referred to as the "Policy") defines and describes the means implemented by DrData as part of the collection, use and processing of data collected concerning users (hereinafter referred to as the "User") on its website and platforms. Its purpose is to fully inform you of the security and confidentiality guarantees implemented by DrData in the protection of your personal data collected. The Policy is an integral part of the Terms & Conditions of Use of the website and its platforms.
DrData responsible for processing the personal data provided by the User on the Website and its affiliated platforms is DrData, a simplified joint stock Company, whose registered office is located at 81 rue Réaumur, 75002 PARIS, and which is registered with the Paris Trade and Companies Registry under number Siren 838152122.
The personal data collected is used within the framework of the services provided by DrData through its website and platforms. DrData ensures that it only collects data that is strictly necessary for the purpose of the processing carried out. This data is used for the following main purposes: processing an information request, sending DrData's training catalog, managing your subscription to DrData's publications and newsletter, managing your registrations for events organized by DrData. This processing of personal data is based on your consent. This information has been brought to the attention of DrData's Data Protection Officer (DPO), who has included it in his register of processing activities. In compliance with the regulations applicable to the use of your personal data, DrData reserves the right to use your data for the purposes of providing information about its products and services or for any other obvious purpose necessary to inform you about the use of the service in which he/she has expressed interest.
The recipients of the personal data collected and processed are the relevant departments of DrData.
This website is hosted by Heroku Inc., 415 Mission Street Suite 300 San Francisco, California 94105.
Our Policy strictly applies the regulations in force concerning the protection of personal data introduced by Law no. 78-16 of January 6, 1978, as amended, relating to information technology, files and freedoms in its consolidated version (hereinafter "Law on data processing and civil liberties") and by the General Data Protection Regulation (GDPR) no. 2016-679 of April 27, 2016. This Policy also undertakes to comply with any legislation or regulations that may be adopted and applied in France or in any other country to which DrData may transfer the collection, use and processing of such data. This Policy may be amended and supplemented in accordance with legal, regulatory and jurisprudential developments.
DrData uses all the means at its disposal to create an environment that preserves the quality and security of the integrity of your data. DrData implements all appropriate technical and organizational security measures to protect your personal data. Any natural or legal person, whether internal or external to DrData, who is authorized by the latter to access your personal data, within the framework of the contractual relations established for the services provided by the Website, is required to comply with this Policy. Sensitive personal data provided by the User may be subject to additional specific protection measures in accordance with the legal and regulatory requirements in force.
DrData retains your personal data for as long as is necessary for the operations for which it was collected and in compliance with the regulations in force. Thus, data relating to Users is kept for the duration of the contractual relationship, plus three (3) years for promotion and prospecting purposes, without prejudice to retention obligations or limitation periods. Data relating to prospective customers is kept for a period of three (3) years from the last incoming contact with DrData.
Personal data collected via this website is hosted by our service providers within the European Union. As part of the management and operation of our Site, our service providers may transfer personal data to the United States for the purposes of maintenance and service improvement. Since July 10, 2023, the United States is considered to have an adequate level of protection for personal data, by the European Commission. More specifically, organizations located in the USA must publicly declare their commitment to comply with the new personal data protection framework to the US Department of Commerce. Once entities are registered on the list of certified organizations, they can receive and process personal data from European citizens without the need for additional data protection guarantees. The service providers we use are on the list of certified organizations. They are therefore obliged to comply with the personal data protection framework in force between the European Union and the United States. Personal data collected from Users will not be transferred, whether free of charge or in return for payment, nor will it be shared with or communicated to third parties, except as provided for in this Policy. In fact, personal data may be shared with third parties acting on behalf of DrData in the context of a specific data processing purpose to meet particular legal or regulatory requirements, or in the context of subcontracting or the supply of services necessary for the operation, evaluation and marketing of the site and its platforms by an external service provider. In such cases, all third parties are obliged to approve and strictly apply this Policy. This obligation is stipulated in the contracts binding these third parties to DrData. In the event of the sale of all or part of DrData, personal data may be assigned or transferred to the purchaser or assignee, provided that the processing of such data complies with this Policy. The personal data collected may be communicated to third parties in the event of a legal obligation imposed on DrData by law, regulation, government text or court order. This communication may also be necessary in the context of an investigation, in particular a criminal investigation, on French territory or abroad.
A "cookie" is a small data file sent to the user's browser and stored on the user's terminal (e.g. computer, smartphone), (hereinafter "Cookies"). This file includes information such as the user's domain name, the user's Internet service provider, the user's operating system, and the date and time of access. Cookies are in no way likely to damage the user's terminal.You can refuse cookies (except those necessary for the proper operation of the Website) by unchecking the boxes on the banner provided for this purpose. If you accept the deposit of cookies, your consent will be valid for thirteen (13) months from the date of registration. There are 4 cookies on the Website, which are necessary for its proper operation :
| COOKIE NAME | PURPOSE | RETENTION PERIOD |
|---|---|---|
| rc::a | Distinguishing between humans and robots | Persistent |
| rc::c | Distinguishing between humans and robots | Until the end of the session |
| CookieConsent | Store the user's permission to use cookies for the current domain | 1 year |
| PHPSESSID | Maintain user settings through page requests | Until the end of the session |
There are also two statistical cookies on the Site which help us to understand how users interact with the Website. You are free to decide whether or not to accept these statistical cookies. If you agree, the following data will be collected and processed:
| COOKIE NAME | PURPOSE | RETENTION PERIOD |
|---|---|---|
| _pk_id# | Gather site traffic statistics (number of visits, average time spent, pages viewed) | 1 year |
| _pk_ses# | Track visitor page requests during the session | 1 day |
In order to measure traffic and performance and generate statistics, we use an audience measurement tool that respects your personal data and your rights, Matomo, a tool recommended by the CNIL, for which you can consult the confidentiality Policy here.
In accordance with the French Data Protection Act of January 6, 1978, as amended, and the European Regulation on the protection of personal data of April 27, 2016, except where restricted, your data rights are as follows:
You can also inform us of your wish to define the fate of your personal data after your death. In such cases, we undertake to comply with the terms and conditions governing the processing of personal data within the limits of applicable legal obligations. In the absence of specific instructions from you, we undertake to destroy the personal data concerned, unless its retention is necessary for evidentiary purposes or to meet a legal obligation.
If you have any queries or requests concerning the application of this Policy or our personal data collection or processing practices, or if you wish to exercise your rights, please contact us using the following details:
In the event of a complaint, you may refer the matter to the French supervisory authority responsible for compliance with personal data protection rules, the Commission Nationale de l'Informatique et des Libertés (CNIL) :