Privacy Policy

 

 

CNES is committed to protecting your personal data. It undertakes to ensure the highest level of protection for your personal data, in compliance with the applicable European and French regulations. 

When CNES collects your personal data, it does so fairly and in a transparent manner thanks to the presence of information notices, a consent form (check box) and a reference to this Policy. 

Personal data is only collected with the user’s consent. Once you have given your consent, you may withdraw it at any time.

 

Definition

“Personal data” refers to any information that directly or indirectly identifies a natural person by reference to one or more factors that are specific to that person (last name, first name, email, postal or IP address, etc.).

As a matter of principle, CNES will not collect or process any personal data relating to your racial or ethnic origin, your political opinions, your religious or philosophical beliefs, your trade union membership, or any genetic data or data concerning your sexual orientation.

 

What data is collected on our website and for what purpose?

One type of data is collected on the CNES MATREX website:

 

  • Data sent directly by the persons concerned: this is the data that you send us directly, via a form that you use to create your account. The data collected is as follows: last name, first name, job title, company, address, telephone number, e-mail address, reason for access request, country, choice of language, password, profile, and user type. If you do not send us this data, your request to create an account may not be processed or may be delayed.

 

What are the main purposes of using personal data ?

On the CNES MATREX website, this personal data is used to create your account and thus enables you to:

  • Access a wealth of data;
  • Store material and process information in a restricted area;
  • Trace actions carried out by users (creation of a material record, modification of a material record, request for login, etc.);
  • Capitalise on and work together with material and process information.

 

These processing operations are not subject to any automated decision-making, including profiling.

 

Retention periods

CNES retains this data in accordance with legal provisions and/or in proportion to the purposes for which it was collected. In other words, 10 years after the last production for contact data, and 3 months for trace management logs.

 

Recipients

The recipients of the data are CNES internal departments and our duly identified website service providers.

 

Data security

All your personal data is strictly confidential and will only be accessed on a need-to-know basis by duly authorised CNES staff and independent service providers acting on our behalf as part of appropriate technical and organisational security measures.

 

CNES has implemented security measures to protect your personal data against unauthorised access and use. We follow appropriate security procedures for the storage and disclosure of your personal data to prevent unauthorised access by third parties and to prevent accidental loss of your data. We restrict access to your personal data to people who genuinely need to access it for professional reasons. The people who have access to your data are bound by a duty of confidentiality.

 

We also have procedures in place to deal with any suspected breach of data security. We will notify you and any competent supervisory authority of any suspected breach of data security when we are required to do so by law.

 

How can you exercise your rights?

You may exercise your rights over all your personal data. The rights related to your personal data are as follows:

  • Right of access: you may exercise your right of access to know about your personal data, including its nature, origin and intended use.
  • Right to withdraw consent: you have the right to withdraw your consent at any time. You will be informed of any consequences of this withdrawal.
  • Right to rectification: if your personal data held by CNES is inaccurate, you may request that it be amended, updated or that the information be completed.
  • Right to erasure: you may request the deletion of personal data held by CNES in accordance with applicable laws. 
  • Right to portability: you can request the portability of your personal data. On the twofold condition that the processing is based on the performance of a contract or the consent of the individual, and that it is automated, you have the right to receive the data in a structured format, in clear, machine-readable and interoperable language, and to forward it to another data controller without being hindered by CNES.
  • Right to restriction of processing: you have the right to restrict processing, in particular when you contest the accuracy of the data,

 

You also have the right to determine what happens to this data after your death.

You may exercise the rights set out above by contacting our Data Protection Officer (DPO) at the following address: l-cnil@cnes.fr

 

 

To guarantee data confidentiality, you must be able to prove your identity. If necessary, a photocopy of an identity document will be requested to verify your identity.

CNES will respond within one month of receipt of your request. If necessary, this period may be extended by two months, depending on the complexity and the number of requests. In the latter case, you will be informed of this extension and of the reasons for the postponement within one month of receipt of the request.

If, after contacting us, you feel that your “Data Protection” rights have not been respected, you may submit a complaint to CNIL.