This Privacy Policy concerns the protection of personal data as implemented by:

CHU de La Réunion, public health establishment, having its headquarters at the following address:

Alley of Topazes – CS 11021 – 97400 Saint-Denis

This Policy describes how we, data controller within the meaning of the General Data Protection Regulation GDPR (Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing personal data and the free movement of such data), collect and use your personal data in connection with the site:

CoReS-OI, allowing registration for the health research congress of the Indian Ocean.

Introduction

We, as data controller, guarantee that we process personal data in accordance with the applicable regulations on the protection of personal data, and with these clauses.

 

1. Categories of Data Collected

As part of our services we collect the following categories of personal data:

• your surname, first name, marital status;
• your e-mail address, telephone number, postal address;
• your profession;
• if applicable, the details of a contact person;
• your status;
• name and contact details of your institution if applicable, your image (video surveillance, filmed conferences, photos);
• information obtained through the use of cookies;
• your IP address, login data, browser type and version and other technical login data.

The provision of data marked with an asterisk on the data collection forms is mandatory and necessary for the processing of your registration request for the event. If you do not provide us with this data, we may not be able to take your registration request into account.

In addition to this information, we also collect information that you agree to communicate to us or that we collect in our legitimate interest or in the context of our legal obligations.

 

2. Purposes of processing

We process your personal data mainly for the organization and marketing of the event.

 

3. Nature of processing

The nature of the operations carried out on your personal data, according to the services for which we are responsible:

• management of registration and participation in the event,
• creation of event participant files,
• badge editions,
• management of certificates of attendance and various certificates, letter of invitation,
• production of post-event statistics,
• transmission of data to exhibitors and partners for transparency declaration purposes,
• creation of the database of scientific contributors to the event,
• notification of accepted or rejected speakers,
• registration for the event of the selected speakers,
• creation of the database of scientific contributors for the management of the reimbursement of their transport,
• edition of the scientific program of the event,
• creation of contact files in the commercial relations software to manage the commercial activity of the event,
• follow-up of event invoicing,
• contact you if necessary,
• management of your requests to exercise rights, complaints and disputes,
• to fulfill our legal obligations, to comply with applicable laws and regulations, to respond to legitimate requests from competent law enforcement authorities,
• and any other operation necessary for the organization and marketing of the event.

This list is intended to be as exhaustive as possible, any new purpose, modification or deletion of existing processing will be brought to the attention of customers and prospects by a modification of this privacy policy.

 

4. Legal bases for data processing

The legal bases for processing your data are:

• your consent to the processing of your personal data (for example sending newsletters, contact requests, communication of offers and news, transmission of data to partners);
• execution of a contract via in particular the general conditions of sale (for example registration for the event);
• the processing is necessary for the satisfaction of our legitimate interest (for example to manage claims and complaints in order to ensure our defense, billing follow-up).

 

5. Data origins

Personal data relating to participants and partners are generally collected directly from them.

Collection can also be indirect, via third parties: in particular event service providers and travel organizers
 

6. Data recipients

Your personal data is communicated to:

internal people:

• strictly authorized employees of the Reunion University Hospital, called upon to intervene to allow you to participate in the event. These people will only process your data for the purposes set out above and are subject to an obligation of confidentiality.

external persons:

• subcontractors (e.g. travel agency, transport company, hotel, badge supplier,…),
• partners in certain cases (visit to their stand, participation in a sponsored or sponsored session, etc.), it being specified that this transmission is subject to your prior agreement;
• the authorized external staff of the services responsible for control (auditor for example).

All these third parties to whom we may transmit your personal data are required to guarantee the security of your information.

In addition, your personal data may be communicated to:

• the authorities of the countries hosting the event or of the countries of origin of the participants, within the framework of the application of legal provisions,
• administrative or judicial authorities, local or national, to the extent required by law.

In this case, we are not responsible for the conditions under which the personnel of these authorities have access to and use your data.

Within the framework of the purposes mentioned in this policy, we may transmit your personal data to companies located in countries that are not members of the European Union and the European Economic Area, whose legislation on the protection of personal data differ from those of the European Union.

7. Data retention period

We keep your personal data for the time necessary to achieve the objective pursued during their collection or as long as the legislation requires us to keep them.

They are kept for variable periods depending on the processing, namely:

PROCESSING	SHELF LIFE
Data relating to participants or partners in the event	During the period of contractual relations and in particular during the duration of the event, increased by 3 years for prospecting purposes, without prejudice to retention obligations or limitation periods
Prospect data	3 years from their collection or the last contact from the prospect, or until the data subject objects to this processing
Technical data	1 year
Anti-Money Laundering	5 years
Accounting documents (invoices, booking vouchers)	10 years

 

After the set deadlines, the data is either deleted or kept after having been anonymized, in particular for reasons of statistical use. They can be kept in the event of pre-litigation or litigation.

 

8. Data Security

We take the appropriate and necessary technical and organizational measures to protect your personal data against unlawful or accidental destruction, manipulation, loss, disclosure or unauthorized access.

9. Your rights

As a person concerned by the processing of your personal data, you have the following rights allowing you to keep control of the information concerning you:

• right of opposition: you can oppose, for legitimate reasons, to appear in our files; you can also object to the data concerning you being disseminated, transmitted or stored;
• right of access: you can request a copy of the information we hold about you to verify its content;
• right of rectification: you can ask us to rectify inaccurate or incomplete information about you;
• right to erasure: you have the right to ask us to erase personal data concerning you;
• right to limitation: you have the right to ask us to temporarily freeze the use of some of your data;
• right of portability: you can request to retrieve your personal data that we hold about you, for personal use or to transmit it to a third party of your choice;
• post-mortem right: you have the right to formulate directives concerning the storage, erasure and communication of your post-mortem data;
• right to lodge a complaint (complaint) with a supervisory authority, namely in France the CNIL https://www.cnil.fr/fr/plaintes, if you believe, after contacting us, that your computer rights and freedoms are not respected.

You can exercise these rights at any time either by sending us an e-mail at dpo.recherche@chu-reunion.fr or by sending us a letter to the postal address: CHU de La Réunion – Delegation for Clinical Research and Innovation – BP 350 – 97488 Saint-Pierre.

In accordance with the legislation on the protection of personal data, participants and partners are informed that these are individual rights which can only be exercised by the person concerned in relation to their information: for security reasons, the person concerned must prove his identity.

 

10. Your obligations

We make reasonable efforts to ensure that your personal data remains as accurate, complete and up-to-date as possible. To ensure that your data is accurate and up to date, and to help us maintain this state of affairs, you must inform us, without delay, of any change in the information you have provided to us.

You must therefore guarantee that the data provided by you is correct, accurate, up-to-date, faithful and complies with applicable laws.

Given the fact that we mainly use electronic communications in our exchanges with you, you are notably asked to notify us of any change in your e-mail address.

You are also responsible for the security of your data, including keeping any passwords given to you confidential.

 

11. Device data collection

We do not collect or store any technical data from your device (IP address, Internet service provider, etc.).

 

12. Cookies

Cookie retention period

In accordance with the recommendations of the CNIL, the maximum retention period for cookies is a maximum of 13 months after their first deposit in the User’s terminal, as is the duration of the validity of the User’s consent to the use of these cookies.

The lifetime of cookies is not extended with each visit. The User’s consent must therefore be renewed at the end of this period.

Cookie purpose

Cookies can be used for statistical purposes, in particular to optimize the services provided to the User, from the processing of information concerning the frequency of access, the personalization of the pages as well as the operations carried out and the information consulted.

You are informed that the Publisher may place cookies on your device. The cookie records information relating to navigation on the service (the pages you have consulted, the date and time of the consultation, etc.) that we can read during your subsequent visits.

User’s right to refuse cookies

You acknowledge having been informed that the Publisher may use cookies. If you do not want cookies to be used on your device, most browsers allow you to disable cookies through the settings options.

 

13. Retention of technical data

Technical data is kept for the time strictly necessary to achieve the purposes referred to above.

 

14. Indications in the event of a security breach detected by the Publisher

Information of the User in the event of a security breach

We undertake to implement all appropriate technical and organizational measures in order to guarantee a level of security adapted to the risks of accidental, unauthorized or illegal access, disclosure, alteration, loss or destruction of personal data about you. In the event that we become aware of illegal access to your personal data stored on our servers or those of our service providers, or of unauthorized access resulting in the realization of the risks identified above, we undertake to :

Notify you of the incident as soon as possible;

Examine the causes of the incident and inform you;

Take the necessary measures within reasonable limits to reduce the negative effects and damage that may result from said incident.

Limitation of Liability

Under no circumstances can the commitments defined in the point above relating to notification in the event of a security breach be assimilated to any acknowledgment of fault or liability for the occurrence of the incident in question.

 

15. Changes to Privacy Policy

In the event of modification of this Privacy Policy, commitment not to lower the level of confidentiality substantially without the prior information of the persons concerned.

We undertake to inform you in the event of a substantial modification of this Privacy Policy, and not to lower the level of confidentiality of your data in a substantial way without informing you and obtaining your consent.

16. Data Portability

The Publisher undertakes to offer you the possibility of having all the data concerning you returned to you on simple request. The User is thus guaranteed better control of his data, and retains the possibility of reusing it. This data should be provided in an open and easily reusable format.

17. For more information

For any further information, you can contact us by email at the following address: sec.dri@chu-reunion.fr

For any other more general information on the protection of personal data, you can consult the CNIL website https://www.cnil.fr/.