dated : 1st of March 2022
This charter describes how Make.org collects and uses any information that, used alone or in combination with other information, relates to you (“personal data”) when you use our website www.dialogue-make.org and interact with our project co-construction service on our website. Make.org acts as the processing manager for the personal data collected via the website and our services. Make.org is a simplified joint-stock company with its registered office at 13-15 rue de la Bûcherie, 75005 Paris, listed in the PARIS register of trades and companies under the number 820 016 095. In its capacity as processing manager, Make.org is responsible for ensuring that the processing of the personal data complies with the applicable data protection legislation, and especially with the general data protection regulations (hereinafter “the GDPR”).
DESCRIPTION OF THE PROCESSING
Make.org is committed to the protection of personal data in general and of those of the users of its website and online project co-construction services in particular. For Make.org it constitutes one of the fundamental values of the digital environment and an essential condition of freedom of conscience. To this end, Make.org undertakes to limit the quantity of personal data collected to the minimum necessary for the functioning of its website and online project co-construction services. Consequently, Make.org will only process personal data strictly in line with the carrying out of its mission and for the following purposes: - functioning, use and improvement of the website and Make.org’s services; and - implementation of co-constructed projects and Make.org’s other operations (on your request, registration for the workshops and keeping you informed of the results of the co-constructed projects). The legal basis for this personal data processing carried out by Make.org is the legitimate interest of Make.org consisting in the provision of its project co-construction service via its website. Make.org collects a limited quantity of data from different categories of service user: - users who vote on/react to the online project co-constructions by choosing one of the proposed responses (e.g. “very good idea”, “bad idea”). In this case, the person’s IP address is not collected (just the vote and a randomly allocated visitor number that do not allow us to identify you). - users who leave comments on the online co-construction projects. To do this, they provide their first name, which will be posted above their comment, their e-mail address and their comment. The e-mail address is collected in order to guarantee their serious participation and, if need be, to enable discussion with them about the ideas they have shared in their comment. Given that the comment will be made public following its internal review by Make.org, we would ask you not to include personal data in your comment (e.g. your contact details, information on your personal experience that might allow us, other participants or third parties to identify you, or personal data concerning another person). - users who register via an online form, to ask to take part in workshops. To do so, they each provide their e-mail address and first name and indicate whether they belong to an organization connected with the subject treated in the course of the project co-construction. Optionally, they can provide their profession, their age and the name of their organization (where applicable). - users who wish to be kept informed of the follow-up on results of the co-construction of projects to which they have access. They each provide their e-mail address for this purpose. With the exception of categories of personal data identified as optional, refusal to provide the data mentioned above will prevent the user from accomplishing what they seek to do on the service. We take appropriate measures to ensure that the personal data we hold are correct, complete and, if necessary, kept up to date. However, please ensure that your personal data are as accurate, complete and up-to-date as possible by informing us rapidly of any change or error.
OBLIGATIONS OF MAKE.ORG
Make.org undertakes to: - process the personal data uniquely for the sole purposes set out above; - guarantee the confidentiality of the personal data, in particular ensuring that third parties authorised to process the personal data undertake to respect their confidentiality or be subjected to an appropriate legal obligation of confidentiality; - take into account the principles of data protection from the initial conception and data protection by default, where its tools, co-construction of projects, applications and services are concerned.
RECIPIENTS AND TRANSFERS
The personal data processed for the purposes described above may not be divulged to third parties other than in the cases provided for below, or when Make.org is required to do so by a legal or regulatory provision resulting from French law or legislation applicable in the European Union. Thus, with the sole aim of carrying out their respective duties, the following people may have access to the personal data: - within Make.org, staff in charge of conducting the co-construction of projects, of handling relations with users and complaints, and of providing logistical and computing services, as well as their hierarchical managers; - Make.org’s possible third-party subcontractors – it being stipulated that the contract signed between the said subcontractors and Make.org shall mention the obligations imposed on the subcontractors regarding protection of security and the confidentiality of data. These subcontractors process the data for the purposes described below. In concrete terms, our subcontractors provide us with hosting and data analysis services, marketing services and development and support services for our website and services. - our partner Make.org Foundation for its analysis of the aggregated results of the project co-constructions and the follow-up on the project co-constructions (their implementation in particular); - where applicable, partners or third-party sponsors of project co-constructions, particularly with a view to project support and promotion, especially editorial. Our servers are located in the European Union and our service-providers and third-party partners operate in the European Union. That means that when we collect your personal data, we do not transfer them outside the European Union.
When you log on to our website, cookies can be installed on your device. These are primarily cookies essential for the functioning of our website. Cookies can also be used to improve your experience, improve the performance of our website and optimize our online project co-construction services. You can indicate your cookie preferences via our consent interface, on which you have the possibility of accepting or refusing cookies. The information contained in the cookies does not seek to identify you personally and is never used for purposes other than those indicated on our cookie management notice.
EXERCISING OF USERS’ RIGHTS
Users have several rights under the GDPR, with conditions of exercising that vary depending on the right exercised. Thus, users benefit: - from a right of access to their personal data. - from a right to rectification of their personal data. - from a right to deletion of their personal data. In particular, if you exercise your right to deletion after having participated in an online project co-construction by posting a comment, we delete your data in our databases, particularly the first name you indicated alongside your comment. We will conserve the comment as long as it does not permit your identification. - from a right to limit the processing of their personal data. - from a right to la portability of their personal data. - from a right not to be the subject of an automated individual decision (including for profiling purposes). - and from a right to provide instructions regarding the destiny of the personal data after their death. Users also have the right to oppose the processing of their personal data by Make.org. Finally, while the processing is based on consent, users may withdraw their consent to the processing of their personal data by Make.org at any time, it being stipulated that this withdrawal shall not affect the legality of any previous processing based on the consent. The exercising by users of the rights listed above can be communicated by any means, in particular by the sending of an e-mail to the address: email@example.com. If users consider that their rights regarding the data have not been respected by Make.org, they can always submit a complaint to the CNIL (Commission nationale de l'informatique et des libertés, the national commission on computing and freedoms).
SECURITY AND CONFIDENTIALITY OF THE PROCESSING
Make.org will take any measure necessary to preserve and ensure the respect of the integrity and confidentiality of the personal data. Make.org undertakes in particular, taking account of standard practices, to put in place technical and organizational measures required to ensure an appropriate level of security and confidentiality with regard to the risks incurred by the processing and the nature of the personal data processed.
DURATION OF CONSERVATION OF THE DATA
We conserve the personal data that we collect for as long as we have a legitimate commercial need of them (for example in order to provide you with the online project co-construction service). In concrete terms, the personal data are conserved for a duration of three years after the initial data collection.
DATA PROTECTION OFFICER
The designated data protection officer is the SELARL FWPA Avocats, 18 rue des Pyramides, 75001, Paris, represented by Maître Jean-Baptiste Soufron. He may be contacted at the address: firstname.lastname@example.org.
UPDATING OF THE CHARTER
We can update this charter from time to time in response to legal, technical or commercial developments. In this event, we will take the appropriate steps to inform you, depending on the importance of the changes we make. We will obtain your consent for any major change made to this charter if this is required by the applicable data protection legislation. You can see the date of the last update of this charter by referring to the date shown at the top of this charter.