Disclaimer and privacy policy

Thank you for showing interest in our institute. Data protection is of high priority for the management of the ESRF. The use of the Internet pages of the ESRF is possible without any indication of personal data; however, if a data subject wants to use special services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

By means of this data protection declaration, our institute would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process via this website.

The ESRF endeavours this processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject to be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the ESRF.

As the controller, the ESRF has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

Site content

Conditions of use

The information contained on this site should not be construed as being of a contractual nature or otherwise binding.  The European Synchrotron Radiation Facility shall have full discretion to add, alter, or remove at any time all or part of the content and the layout of the pages of its site.

In spite of all the care taken in creating and updating this site, errors, inaccuracies or omissions may occur, and users may experience problems in connecting to the site or interruptions in their connection. The ESRF hereby disclaims any liability for any direct or indirect damage which may result from this.

The ESRF does not make any implicit or explicit guarantees regarding the use of information on its Internet site. Consequently, it cannot be held responsible for any losses or damage, direct and/or indirect, which may be engendered by using the information on its site, or for any missing or incorrect information, or any temporary or permanent failure to supply all or part of the information on its site.

The ESRF website features hypertext links to other web sites managed by third parties. The ESRF has no control over these sites and can in no way be considered liable for their contents. The inclusion of such links does not necessarily mean that ESRF is aware of, or approves, their contents. Consequently, the ESRF cannot be held responsible for any failures of these sites. All and any risks incurred by virtue of visiting these linked sites, or using their contents, are taken entirely at the user's risk, and under the user's responsibility.

If you detect information that is inappropriate, or you have concerns regarding material on the web pages, we would be grateful if you could inform us by using the Feedback form, so that the material can be amended.

Staff Web pages

The ESRF provides facilities for staff members and students to create a personal web page. While the ESRF attempts to preview, review and routinely monitor the contents of these staff pages, in no event will the ESRF be held liable for any direct, indirect, special incidental or consequential damages arising out of the use of the information held on these pages. The authors of these pages are solely responsible for abiding by all relevant laws and ESRF policies, including those concerning copyright. Views expressed in these staff pages are the personal views of the authors and are not necessarily the views of ESRF, its staff or employees.

Where links on these pages take you to information provided by individuals or organisations on other Web sites, the ESRF cannot be held responsible for the content on those Web sites, nor does the ESRF endorse any of those sites. If you detect information that is inappropriate, or you have concerns regarding material on these pages, we would be grateful if you could inform us by using the Feedback form, so that the material can be amended.

Intellectual property and related rights

The ESRF site and all the elements forming part thereof, such as the various contents (photos, texts, diagrams, drawings and models, etc.), are protected by intellectual property rights in accordance with French copyright law.

As a result, any use or reproduction of all or part of these elements without prior written authorisation from the ESRF is strictly prohibited, with the exception of reproductions without changes or amendments made purely for purposes of creating private and personal copies in line with paragraph 2 of Article L.122-5 of the French Intellectual Property Law.

Brand names mentioned are the property of their respective owners.

Privacy Policy

Contents

1. Purpose and scope of the policy

2. Collection of general data and information

3. Data Controller

4. What Personal Data do we collect and how?

5. Why do we collect your Personal Information and how?

5.1 Subscription to our newsletters

5.2 Contact possibility via the website

6.  Web analysis tool: Data protection provisions about the application and use of Matomo

7. Do we share your personal data?

8. Is your Personal Data transferred to third countries?

9. How long do we keep your Personal Data?

10. How do we ensure the security of your Personal Information?

11. What are your rights?

12. Updating of this policy

 

1. Purpose and scope of the policy

The ESRF attaches the greatest importance and care to the protection of privacy and personal data, as well as to the respect of the provisions of the applicable Legislation.

The General Data Protection Regulation (EU) 2016/679 (hereinafter "GDPR") states that Personal Data must be processed lawfully, fairly, and transparently. Thus, this privacy policy (hereinafter the "Policy") aims to provide you with simple, clear information on the Processing of Personal Data concerning you, in the context of your browsing and the operations carried out on our website.

2. Collection of general data and information

The website of the ESRF collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, the ESRF does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the ESRF analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our institute, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

3. Data Controller and contact details

In the course of your activity on the https:/www.esrf.fr website, we collect and use personal data relating to you, an individual (hereinafter "Data Subject").

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

ESRF - The European Synchrotron
CS40220
38043 Grenoble Cedex 9
France
Telephone: +33 (0)4 76 88 20 00
Fax: +33 (0)4 76 88 20 20

Société civile
RCS Grenoble D 338 723 919
N° Siret 338 723 919 00027 – APE 7219 Z

Email: webgroup@esrf.fr

Hosting for the site is provided by the ESRF.

This site has been registered with CNIL under no. 623 175 in accordance with law 78-17 dated 6th of January 1978 relating to data processing, files and personal freedom and privacy (loi 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés).

For all the Processing activities, the ESRF determines the means and purposes of the Processing. Thus, we act as a Processor, within the meaning of the Regulation on Personal Data, and in particular Regulation (EU) 2016/679 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such Data.

The web site http://www.esrf.eu is published by the European Synchrotron Radiation Facility and the information therein are governed by French law.

4.  What Personal Data do we collect and how?

By using our website,  you provide us with a certain amount of information about yourself, some of which may identify you ("Personal Information"). This is the case when you browse our site, when you fill in online forms or subscribe to newletters.

The nature and quality of the Personal Data collected about you will vary depending on the relationship you have with ESRF, the main ones being :

-    Identification data: This includes all information that would allow us to identify you, such as your name, first name, telephone number. We may also collect your e-mail address, as well as your postal address (in case of requests for paper copies of documentation).

-    Browsing information: by browsing our website, you interact with it. As a result, some information about your browsing is collected.

-    Data collected from Third Parties: Personal Data that you have agreed to share with us or on publicly available social networks and/or that we may collect from other publicly available databases.

5.  Why do we collect your Personal Information and how?  

We collect your Personal Data for specific purposes and on different legal grounds.

On the basis of your consent, your Data is processed for the following purposes:
-    Management of newsletters.
-    Management of cookies requiring your consent.

In the framework of the legitimate interest of ESRF, your Data are processed for the following purposes:
-    Establishment of statistics for the improvement of products and services.
-    Carrying out satisfaction surveys and polls.

5.1 Subscription to our newsletters

On the website of the ESRF, users are given the opportunity to subscribe to a number of our institute's newsletters. The input masks used for this purpose determines what personal data are transmitted.

The ESRF informs its users, visitors and business partners regularly by means of newsletters about news and events. The institute's newsletters may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter shipping. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.

The personal data collected as part of a registration for the newsletters will only be used to send our newsletters. In addition, subscribers to the newsletters may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletters may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time by unsubscribing from the newsletter directly on the website of the controller (see http://www.esrf.eu/home/manage-your-subscriptions.html) or by communicating this to the controller in a different way (email).

5.2 Contact possibility via the website

The website of the ESRF contains information that enables a quick electronic contact to our institute, as well as direct communication with us, which also includes a general e-mail address. If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

6.  Web analysis tool: Data protection provisions about the application and use of Matomo

On this website, the controller has integrated the Matomo component. Matomo is an open-source software tool for web analysis. Web analysis is the collection, gathering and evaluation of data on the behavior of visitors from Internet sites. A web analysis tool collects, inter alia, data on the website from which a data subject came to a website (so-called referrer), which pages of the website were accessed or how often and for which period of time a sub-page was viewed. A web analysis is mainly used for the optimization of a website and the cost-benefit analysis of Internet advertising.

The software is operated on the server of the controller, the data protection-sensitive log files are stored exclusively on this server.

The purpose of the Matomo component is the analysis of the visitor flows on our website. The controller uses the obtained data and information, inter alia, to evaluate the use of this website in order to compile online reports, which show the activities on our Internet pages.

Matomo sets a cookie on the information technology system of the data subject. The definition of cookies is explained on the Cookies page. With the setting of the cookie, an analysis of the use of our website is enabled. With each call-up to one of the individual pages of this website, via  Matomo component, the Internet browser on the information technology system of the data subject is automatically prompted to submit data for the purpose of online analysis to our server. During the course of this technical procedure, the following information is stored:

  • the anonymised ip address of the visitor, i.e with the last 2 bytes masked (e.g. 192.168.xxx.xxx)
  • the visitor's operating system (for example Windows, Mac, etc.),
  • the date and time of the visit to the site,
  • the pages accessed,
  • if the visitor follows a link to get to the page, the address (URL) of the page containing the link,
  • the type of browser used.

These personal data are stored by us. We do not forward this personal data to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the used Internet browser would also prevent Matomo from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Matomo may be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possibility of objecting to a collection of data relating to a use of this Internet site that are generated by Matomo as well as the processing of these data by Matomo and the chance to preclude any such. For this, the data subject must set a "Do Not Track" option in the browser.

When users have set their web browser to "I do not want to be tracked" (DoNotTrack is enabled) then Matomo will not track these visits.  Do Not Track is a technology and policy proposal that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.

You can also opt out/opt in by following this link.

Further information and the applicable data protection provisions of Matomo may be retrieved under https://matomo.org/privacy/.

7. Cookies and third-party services

Please refer to the dedicated Cookies page for information concerning the use of cookies and third-party services on this website.

8. Do we share your personal data?  

We do not share your personal Data.

We do not sell your Data.

9.  Is your Personal Data transferred to third countries?

ESRF strives to keep the Personal Data in France, or at least within the European Economic Area (EEA).

However, it is possible that the Data we collect when you use our platform or services may be transferred to other countries. This is for example the case if some of our service providers are located outside the European Economic Area.

In the event of such a transfer, we guarantee that it will be carried out:

-    To a country ensuring an adequate level of protection, i.e. a level of protection equivalent to what the European Regulations require.

-    Within the framework of standard contractual clauses.

-    Within the framework of internal company rules.

10.  How long do we keep your Personal Data?

We retain your Personal Data only for as long as is necessary to fulfill the purpose for which we hold the Data and to meet your needs or our legal obligations.

11.  What are your rights?

The GDPR provides Data Subjects with rights that they can exercise. Thus, are provided:

1.    Right to information: the right to have clear, precise, and complete information on the use of Personal Data by ESRF.

2.    Right of access: the right to obtain a copy of the Personal Data that the Data Controller holds on the applicant.

3.    Right to rectification: the right to have Personal Data rectified if they are inaccurate or obsolete and/or to complete them if they are incomplete.

4.    Right to erasure / right to be forgotten: the right, under certain conditions, to have the Data erased or deleted, unless ESRF has a legitimate interest in keeping it.

5.    Right of opposition: the right to object to the Processing of Personal Data by ESRF for reasons related to the particular situation of the applicant (under conditions).

6.    Right to Withdraw Consent: the right at any time to withdraw Consent where Processing is based on Consent.

7.    Right to restriction of processing: the right, under certain conditions, to request that the Processing of Personal Data be temporarily suspended.  

8.    Right to Data Portability: the right to request that Personal Data be transmitted in a reusable format that allows it to be used in another database.

9.    Right to Avoid Automated Decision-Making: the right of the applicant to refuse fully authorized decision-making and/or to exercise the additional safeguards offered in this regard.

10.    Right to define post-mortem directives: the right for the applicant to define directives concerning the fate of Personal Data after his/her death.

Additional rights may be granted by the Local Regulations to affected Persons.

To this end, ESRF has implemented a procedure for the management of individuals’ rights in accordance with the requirements of the applicable Legislation. This procedure establishes:

-    The standards to be respected to ensure the transparent information of the data subject
-    Legal requirements that must be met
-    The authorized means of applying for each right, depending on the category of Persons concerned
-    The business processes for handling these requests in accordance with the above requirements
-    The stakeholders involved in these processes, their roles and responsibilities.

To exercise your rights, you may contact the Data Protection Officer (DPO):

Zoé Durand
Data Privacy Consultant – DPO Consulting Sud Est
zoe.durand@dpo-consulting.com - 2 rue David Girin 69002 Lyon -  www.dpo-consulting.com

When you send us a request to exercise a right, you are asked to specify as far as possible the scope of the request, the type of right being exercised, the Personal Data Processing concerned, and any other useful information, in order to facilitate the examination of your request. In addition, in case of reasonable doubt, you may be asked to prove your identity.

You also have the right to complain to the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, about the way in which ESRF collects and processes your data.

12.   Updating of this policy

This Policy may be updated from time to time to reflect changes in the Personal Data Regulations.

Date of last update 08/12/2021

 

 

Credits

Web design: La Haute Société Grenoble, France

Web development: Ngoar London, UK

CMS: Digital Experience Manager

Pictures: Pierre Jayet, Stef Candé, Max Alexander, Mc Bride, Montero Verdu, Denis Morel, @Elyxyak, Chantal Argoud

Further information and the applicable data protection provisions of Matomo may be retrieved under https://matomo.org/privacy/.

Use of other tools and products