Information on the protection of personal data (GDPR)
The French Atomic Energy and Alternative Energies Commission (CEA) is committed to protecting the personal data it processes.
For the purposes of its activities, the CEA is required to process personal data. The notion of “Personal Data” refers to any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier (e.g. a name or an identification number) or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Who should you contact for any question about your Personnal data
The CEA attaches great importance to the respect of the rights and freedoms of individuals and to the protection of their Personal Data. The CEA has appointed a Data Protection Officer who is authorised to deal with all issues relating to the protection of Personal Data. You can contact him at the following address: firstname.lastname@example.org
What kind of Personal Data does the CEA collect about you ?
Depending on the circumstances, the CEA may collect some of the Personal Data listed below:
- identity information: surname, first name, age, photograph, gender, date and place of birth, nationality, identity document references
- contact information: professional and personal details
- information about your professional background
- connection data when you browse the websites or access the CEA information systems
- data necessary for the execution of contracts
- data necessary for the management of event relations, communication operations, solicitation, promotion, investment and partnership.
Why and for what pupose does the CEA collect your Personal Data ?
The CEA may collect Personal Data, in its capacity as data controller, in order to respond to your requests, to comply with its legal and contractual obligations, to perform a contract, for reasons of public interest or to fulfil a legitimate interest.
The CEA collects Personal Data, if necessary through forms and contact pages, in particular for the purpose of processing an online registration, subscribing to newsletters or publications, responding to a request for information, statistical studies, surveys and polls, on the occasion of your consultation of websites, to enable exchanges with the CEA or for internal and external communication purposes such as the management of communication events and the organisation of training sessions, conferences, etc.
With whom does the CEA share your Personal Data ?
The CEA may transfer Personal Data to service providers and/or subcontractors in particular to manage registrations, subscriptions, ensure the follow-up of the processing of requests, operate, improve or maintain its activities and services and to administer its sites.
Where is your Personal Data stored and processed ?
Personal Data is processed as much as possible at the CEA, on the national territory or in the European Union. It is not transferred to third countries. However, in order to offer online services adapted to your needs, the CEA may have recourse to third parties. In order to process your Personal Data and offer you these services, these partners may process your Personal Data outside the European Union. In this case, the CEA takes the necessary guarantees so that the level of protection of individuals offered by the Regulation is not compromised. These safeguards are available on request at the following address: email@example.com
How long does the CEA keep your Personal Data ?
The CEA keeps your Personal Data only for as long as is strictly necessary to fulfil the purposes described above, to comply with its legal, regulatory and contractual obligations, and to defend its legitimate interests (for processing of Personal Data based on the CEA’s legitimate interest, as defined by the Regulation, for example those set up to follow up on communication actions).
If you unsubscribe from a site or a newsletter, your Personal Data is deleted from the active databases and only kept in archive form for the purpose of establishing proof of a right, the execution of a legal obligation or a contract.
At the end of the applicable retention period, the following shall be done:
- or the secure deletion or destruction of the Personal Data;
- or the strict anonymization of Personal Data;
- archiving Personal Data for archival purposes in the public interest, for historical purposes or for statistical purposes.
What are your rights regarding your Personal Data ?
You have rights to your Personal Data. In accordance with the Regulation on the protection of personal data, in particular Articles 15 to 22 of the RGPD, and after having proved your identity, you have the right to request access to, rectification or deletion of your Personal Data.
In addition, within the limits of the law, you also have the right to object to the processing, to request its limitation, to decide on the post-mortem fate of your Personal Data, and to exercise the right to portability of the Personal Data provided.
Please note that these rights are not absolute and remain limited. Any unfounded or abusive request, particularly with regard to security requirements, laws and regulations, may be rejected.
To exercise these rights, you can contact the DPO at the following address: firstname.lastname@example.org.
Furthermore, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing based on the consent given prior to such withdrawal.
Can the CEA change this information document ?
The CEA may change this information document at any time, particularly in the light of developments in processing techniques and tools. It is therefore recommended that you consult it regularly. In case of modification, the CEA will publish these changes on this page, in the appropriate places, according to the purpose and importance of the changes made.
Commission nationale de l'informatique et des libertés (« CNIL »)
We remind you that you can lodge a complaint with the DPD (email@example.com) and, in the event of an unresolved dispute, with the Commission Nationale de l’Informatique et des Libertés (CNIL), which is the independent administrative authority responsible for ensuring compliance with the regulations on the protection of personal data in France. You can contact it directly on the website https://www.cnil.fr/fr/agir or by post at the following address Commission nationale de l’informatique et des libertés, 3 Place de Fontenoy – TSA 80715, 75334 PARIS CEDEX 07.
Specific cookie information