Article 1. Preamble and purpose
The company [Your company] as identified below (the "Company") publishes a press website (the "Site") on which it provides Internet users with a contributory space enabling them to post contributions that may be published there (the "Discussion Space"). These contributions may consist of opinions, votes, sources and participation in the various debates that take place in the Debate Forum (the "Contributions"). Internet users who use the Debate Space (the "Users") must first have created an account on the Debate Space and accepted its Terms and Conditions of Use, which can be accessed [here](rgpd.md).
The provision of the Debate Forum implies the processing of Users' personal data (the "Data Subjects") for which the Company acts as Data Controller. As such, the Company undertakes to comply with the applicable regulations, namely, to date, Regulation (EU) n°2016/679 of 27 April 2016, known as the General Data Protection Regulation ("RGPD"), and the French Data Protection Act of 6 January 1978 in its updated version (the "RGPD Regulations").
Article 2. Definitions
Terms beginning with a capital letter, such as but not limited to "Personal Data", "Processing", "Data Subjects", "Data Controller", "Subcontractor", "Recipient", "Data Breach", have the meaning given to them by the RGPD Regulation.
For a better understanding of this document, the term "Data" must be understood as synonymous with "Personal Data".
Article 3. Identity of the Data Controller
[●], a company [●] registered with the Trade and Companies Register (RCS) of [●] under number [●], whose registered office is located at [●], is acting as Data Controller with regard to the processing of Data Subjects' data implemented as part of the provision of the Debate Space and the management of their Contributions.
Article 4. Characteristics of the Processing implemented
The characteristics of the Processing implemented by the Company in relation to the Debate Forum are as follows:
Purposes of the Processing (objectives of the Processing):
- Creation of User accounts on the Discussion Forum;
- Analysis, moderation and publication of Contributions;
- Sending emails relating to Contributions;
- Technical support for Users relating to the Discussion Forum.
Legal basis for the Processing:
- Execution of the General Terms and Conditions of Use of the Debate Space;
- Legitimate interest of the Company.
Categories of Data Subject:
Category of Data:
- Identification data (surname, first name, user name and password);
- Contact details (email address);
- Content of Contributions;
- Connection data (IP address, browsing data, traces, logs).
Method of data collection:
- Data generated by the use of the Debate Forum by the User: creation of an account, publication of a Contribution, etc.
Duration of Data Retention:
- [To be discussed; in the clause in the GCU relating to data protection, it is stated that data is kept for 3 years from the end of the contract, with the exception of journalistic purposes].
Article 5. Recipients of your Data
The Company may communicate the Personal Data of Data Subjects to Authorised Recipients subject to an appropriate obligation of confidentiality, who may be internal or external as appropriate:
1) Internal recipients are all authorised members of the Company's staff whose duties, functions and tasks justify their processing your Data solely for the purposes set out in this Policy and within the framework of the appropriate technical and organisational protection and security measures detailed below;
2) External recipients are:
- Any service providers we may use in connection with the processing carried out via the Platform, and in particular Logora, a simplified joint stock company registered with the Paris Trade and Companies Register under number 850 171 695 and whose registered office is located at 31 avenue Théophile Gautier 75016 Paris, which provides the Debate Space to the Company;
- Entities responsible for advising, auditing and financial control of the Company (chartered accountants, statutory auditors, lawyers, etc.);
- Administrative or judicial authorities within the scope of their powers.
Article 6. Your rights with respect to your Data
Statement of your rights
In accordance with the applicable Regulations, Data Subjects have the following rights with respect to their Personal Data:
- A right to request confirmation that data concerning them is being processed, to obtain information on the characteristics of such Processing, to access such data and to request a copy thereof (right of access);
- A right to rectify or complete any data concerning them that is incorrect or obsolete (right of rectification);
- A right to withdraw their consent at any time provided that the Processing is exclusively based on this legal basis (right to withdraw consent);
- A right to object to the Processing of their Personal Data on grounds relating to their particular situation and to obtain its erasure, unless the Processing is justified on compelling legitimate grounds (right to object on legitimate grounds and right to erasure);
- A right to obtain the temporary limitation of Processing in the event of a request for rectification or opposition on legitimate grounds, which in practice means that Personal Data is retained but not processed (right to limitation);
- A right to Data portability, i.e. a right to obtain the return of personal Data that they have communicated in a format of common use as soon as the Processing is automated and based on consent or on the performance of a contract;
- A right to formulate directives relating to the Processing of their Data after their death and to request that their Data be retained, erased or communicated to an expressly designated third party (post-mortem right).
How to exercise your rights
If the Data Subject wishes to exercise any of the aforementioned rights, he or she may contact the Company in the manner and using the contact details indicated in article 9 of the Policy.
The Data Subject's request must originate exclusively from the Data Subject (unless a mandate has been duly given to a third party) and must be as clear and exhaustive as possible in order to enable the Company to respond as quickly as possible, within one to three months depending on the level of complexity of the request.
The Company may ask the Data Subject to complete his/her request if it is not sufficiently precise, if the right he/she wishes to exercise is not easily identifiable or if he/she is unable to establish his/her identity, in which case the Company may ask him/her to provide additional information and in particular proof of identity, which will be deleted as soon as possible after verification of his/her identity.
In addition, the Company will not be obliged to respond to the Data Subject's request if it is manifestly unfounded or excessive, and in particular if the request is repetitive or too complex to process, which would have the purpose or effect of destabilising the Company's activities.
Article 7. Security
The Company implements the technical and organisational security measures it deems appropriate to preserve the confidentiality and security of the Personal Data of Data Subjects and to prevent their unauthorised destruction, loss, alteration or disclosure.
In any event and in accordance with the RGPD Regulation, the measures implemented are proportionate to the risks that the Company has identified as likely to affect the Data of Data Subjects.
These measures include in particular:
- Hosting Data on servers located within the European Union,
- Management of authorisations and restrictions on data access rights,
- The use of secure identification procedures,
- The use of proven pseudonymisation and anonymisation techniques,
- Implementation of backup measures,
- Implementation of encryption measures (private keys),
- The implementation of traceability measures.
The Company has entered into a contract with Logora, which acts as a Subcontractor and provides the Company with the Debate Space, imposing on the latter security guarantees similar to those that the Company implements to protect the Personal Data of Data Subjects and under the terms of which the Company reserves the right to carry out an audit in order to ensure compliance with its obligations.
In the event of a Data Breach, the Company undertakes to notify the CNIL under the conditions prescribed by the RGPD and, if the said breach poses a high risk to the Data Subjects, to notify them and, where appropriate, to provide them with the necessary information and recommendations.
Article 8. Updating of this Policy
This Policy may be amended at any time to take account of changes in regulations or case law, a change in the characteristics of the Processing or the implementation of a new Processing. Any new version of the Policy will be brought to the attention of Data Subjects by any means chosen by the Company.
Article 9. Contacting us
Data Subjects may address any questions or complaints relating to the Policy to the Company or make recommendations or comments relating to the Policy in writing to the following address:
- By post: [●].
- By email: [●].
Data Subjects may also ask the CNIL any question or lodge a complaint with the CNIL at the following address: CNIL Complaints Department, 3 place de Fontenoy - TSA 80751, 75334 Paris Cedex 07 or by telephone on 01.53.73.22.22 or online by clicking on the following link: https://www.cnil.fr/fr/plainte