Data Protection Policy

Article updated on 23/06/22

The Policy outlined in this document applies to any visitor (hereafter “the Visitor”) to the https://villes-et-sante-mentale.com/[a1]  website (the “Website”) published by La Cité des Congrès de Nantes (hereafter the “Data Controller”).

As part of your visit to the Website we may we process information which constitutes personal data about you (“data” or “personal data”).

Your privacy and the security and confidentiality of your personal data are important to us. We undertake to comply with current and future personal data protection regulations and in particular the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereafter, “RGPD”), as well as the amended “Informatique et Libertés” law of 6 January 1978.

This document outlines how we process your personal data in this context. The current online version of these Legal Notices and Data Protection Policy is the only version that can be used during the entire period that the website is used, until it is replaced by a new version.

How, and which, data is collected?

When using the Website, the Visitor is likely to provide a certain amount of personal data about him/her: via the contact form; newsletter registration; and browsing information collected via cookies that may be stored there.

The types of directly collected personal data are:

  • Personal identification data: first name; last name; email address and any other personal data provided in the body of the message on the Visitor’s initiative
  • Personal navigation data which is collected, where applicable, by cookies stored by the Website.

The registration form accessible on the Website (insert link) is managed by Weezevent. Weezevent’s Privacy Policy is available here: https://weezevent.com/fr/politique-de-confidentialite/[a1] , and applies to the personal data provided on this form.

Who manages the data?

The Visitor’s personal data is managed by:

A local public company (SPL), La Cité des Congrès de Nantes, registered at the Nantes Trade and Companies Registry under number 381 053 768, head quartered at 5, rue de Valmy – BP 24102 – 44041 Nantes Cedex 1 – France

What are the purposes and legal bases of the data processing carried out via the Website?

The Website processes the Visitor’s data for the following purposes:

  • Requests transmitted via the contact form, based on the Data Controller’s legitimate interest in responding to contact requests.
  • Management, follow-up, and delivery, in optimal conditions, of registrations on the online ticketing service based on the contractual relationship.
  • Newsletter registration based on the Data Controller’s legitimate interest in communicating information about the International Cities & Mental Health Conference event.
  • Provision of Website services, improvements to the services, and maintenance of a secure environment.
  • Audience measurement and statistical analysis, to improve and optimise the services provided on the Website and the Visitor experience, based on the Visitor’s consent, about the data collected via non-mandatory cookies.

Who are the data recipients?

Personal data recipients:

  • Employees authorised by the Data Controller (La Cité des Congrès de Nantes).
  • Service provider, partner and subcontractor employees authorised by the Data Controller, and those involved in the architecture, content, functionalities, and hosting of the Website data.
  • French State third parties, to comply with the Data Controller’s legal, regulatory, judicial, or administrative obligations or to respond to requests from administrative and judicial authorities, or to prove a right or a contract. The Data Controller may be requested to communicate the Visitor’s data to these authorities when legally required to do so.

The Data Controller will not pass on personal data to any other third party without the Visitor’s consent.

The Data Controller may also share anonymised or aggregated data with third parties other than those previously mentioned, for statistical purposes, without it being possible for these third parties to identify the Visitor in any way.

How is the data protected and stored?

The Data Controller’s prime concern is data privacy and security.

The Data Controller sets up appropriate technical and organisational measures, including physical, hardware and software measures, to preserve the security, integrity and confidentiality of the Visitor’s personal data, and to protect it from access, use, misappropriation, alteration, disclosure or destruction by unauthorised persons.

Furthermore, access to the Visitor’s personal data is strictly reserved to persons specifically authorised for this as part of their duties.

The Data Controller also requires data recipients to provide adequate security and confidentiality guarantees.

Furthermore, in accordance with the European Data Protection Regulation, the Data Controller undertakes to notify the Visitor of any security breach that may pose a high risk to his/her rights and freedoms, unless such notification proves to be unnecessary as provided for in Article 34 of the said Regulation.

How long is data stored for?

Data collected via the contact form is kept for up to 3 years after the last connection from the person in question.

Data collected via the cookies is kept for a maximum of 13 months after it has been collected.

Cookies

What is a “cookie”?

A “cookie”, or a tracer, is an electronic file uploaded on a device (computer, tablet, smart phone, etc.) and read, for example, when browsing a website, reading an e-mail, installing or using software or a mobile application, regardless of the type of device used (source: https://www.cnil.fr/fr/cookies-traceurs-que-dit-la-loi[a1] ).

As you browse a website, cookies from the company in charge of the said website may be uploaded onto your device.

The first time you browse the Website, a banner explaining the use of cookies will pop up. After this, by continuing to browse, the user will be deemed to have been informed and to have accepted the use of said cookies. The latter’s consent will be valid for six (6) months. The User may deactivate cookies in his/her browser settings.

Collected data will be used, among other things, to monitor the volume, type and pattern of traffic using the Website, to develop the design and layout of the Website, and for other administrative and planning purposes and generally to improve the service offered to the User.

The following cookies are on the Website: 

Google Tag Manager:

  • Used to monitor Website usage statistics. 

Wp-wpml_current_language: 

  • These cookies allow the User’s language to be hidden.

YouTube: 

  • These cookies enable the User’s preferences to be stored.

Users may go to https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser[a2]  for more information

about the use, handling, and removal of cookies, for all browsers.

The rights of persons concerned – Contact details: the organisation’s Data Protection Officer – The right to file a complaint with the CNIL (French National Commission for Data Protection and Liberties)

In accordance with the regulations in force, the Visitor has the right to request access to, rectification of, or deletion of his/her personal data, as well as the right to communicate directives concerning the fate of his/her personal data after death. The Visitor still has the right to request that data processing is limited, and to object, to data processing for a legitimate reason and to the right to data portability. Once consent has been given, the Visitor has the right to withdraw it at any time. Withdrawing consent does not affect the lawfulness of data processing based on the consent given prior to withdrawal. If the Visitor withdraws his/her consent to data processing necessary for the provision of the service, he/she will no longer be able to benefit from this service.

To exercise his/her rights, the Visitor may send his request by post or e-mail, with proof of identity including his/her signature, to La Cité des Congrès de Nantes Data Protection Officer (DPO): 5, rue de Valmy – BP 24102, 44041 Nantes Cedex 1 – France, or donneespersonnelles@lacite-nantes.fr

The La Cité des Congrès de Nantes Data Protection Officer can also be contacted via the afore-mentioned contact details for any questions relating to this document or to the Data Controller’s personal data protection practices.

The Visitor also has the right to file a complaint with a supervisory authority, in particular the CNIL (French National Commission for Data Protection and Liberties) located at 3, Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07 – France – Tel: +33 (0)1.53.73.22.22 or online via a webform (www.cnil.fr/fr/plaintes[a3] ).

Amendments to this document

The Data Controller may amend this document from time to time. The current online version is the only version that can be used during the entire period that the website is used until it is replaced by a new version.

Article updated on 23/06/22