Privacy and cookies policy
Updated 11/10/2023
The Foundation for the Memory of the Shoah (hereinafter indistinctly "The Foundation" or "We"), is the Data Controller of Your Data when You navigate through Our institutional site https://www.fondationshoah.org/ (hereinafter the "Site"). We know the importance You attach to the way in which Your Personal Data is processed and We value the importance of protecting and respecting Your privacy. Therefore, We have implemented all appropriate security and protection measures in this Site.
First, (A), We explain to You in this "Privacy Policy" (hereinafter "Policy") why and how We collect and process Your Data in Our Institutional Site, with whom and how We may share it and, above all, Your rights and how You can exercise them.
In a second step (B), We explain to You what a cookie is, how cookies are used in the Site and how You can set them up.
When the Cookies Policy and the Privacy Policy are concerned, they will be commonly referred to as the "Document".
The French version of this Policy is authentic and prevails over any translation.
For any questions relating to the Cookies Policy or Policy, please contact:
Foundation for the Memory of the Shoah
DPO
10 Percier Avenue
75008 - Paris
Part One: Privacy Policy
I. Definitions
In this Document, words or expressions beginning with a capital letter refer to the terms defined in the General Terms and Conditions of Use and, failing that, will have the definition of Article 4 of Regulation (EU) 2016/679 (known as "GDPR"):
"Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she accepts, by a declaration or by a clear affirmative action, that Personal Data concerning him or her be processed;
"Recipient" means the natural or legal person, public authority, agency or any other body to which Personal Data is disclosed, whether it is a third party. In this case, the Foundation may send Your data to the experts who decide which projects sent by the institutions You may represent will be supported by the Foundation and, whether to award You a doctoral or postdoctoral scholarship;
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as
"person concerned"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, Data location means an online identifier or one or more factors specific to its physical, physiological, genetic, mental, economic, cultural or social identity;
"Data Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing. In this case, the Foundation acts as Data Controller.
"Processor" means the natural or legal person who processes Personal Data on behalf of the Controller;
"Social Networks" means sharing spaces on the Internet that allow the User of the Site to follow the Foundation within Our official "social networks" pages;
"Data Processing" means any operation or set of operations whether or not performed by automated means and applied to Data or sets of Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or interconnection, restriction, erasure or destruction;
"User" means any person browsing the Site.
"You", "Your" refers to the User of the Site.
II. Processing of Your Data: data collected, purposes and legal bases
A. For which purposes?
We only use and process relevant Data to achieve the following purposes:
- To allow You to subscribe to Our monthly newsletter and be aware of Our news and projects;
- Send you communications about events organized by the Foundation;
- Allow You to view Our videos and follow Us on Our official Social Network’s pages;
- To allow you to know the projects supported by Our commissions;
- Propose projects dealing with the subjects selected by Our commissions;
- Guarantee the security of the Site, i.e. by using the reCAPTCHA in our contact forms;
- Respond to Your requests as soon as possible and in the most appropriate manner;
- Any other purpose for which We will ask for Your Consent, if necessary.
- Prevent technical problems that You may have while browsing Our Site and know the articles or pages that interest You most, by measuring the audience of the Site through dedicated Cookies, if You consent to their deposit on Your device. To learn more about how Cookies work on the Site, We invite You to read the Cookies Policy (2nd section of this document)
B. Which Data do we collect?
1. Data collected directly
We collect Data about You directly from You, to allow You to subscribe to oOr monthly newsletter and to send Us Your requests via the contact form so that We can respond to You as soon as possible.
We will only ask You for the Data strictly necessary for the purposes of the Processing concerned.
a) Data collected when You subscribe to the monthly newsletter
If You wish to obtain news concerning the projects We support and the commemorations carried out, You can subscribe to Our monthly newsletter.
To subscribe to Our monthly newsletter, We need certain Data about You. Mandatory Data is followed by an asterisk (*).
The only mandatory data that We collect directly from You is Your email address.
You can withdraw Your Consent at any time by clicking on the unsubscribe link at the end of Our monthly newsletter.
b) Data collected when You fill out the contact form
If You wish to contact the Foundation in order to get to know Us better and to know if We can help and accompany You, or respond to any request, You will have to provide Us with certain Personal Data, allowing Us to identify You and to contact You. This data is followed by an asterisk. This includes the following identification data:
- -Civility
- Last Name
- Name
- The content of your message in which it is possible to find personal data.
In addition, You can enter, if You wish, Your telephone number. It will allow Us to contact You and respond to Your request, if You don’t have an email address. Without this Data We will be unable to contact You and help You or respond to Your requests.
This data is used only for contact purposes and Your Consent is requested through a checkbox at the bottom of the form.
2. Data collected indirectly
Data collected indirectly is generally collected by third parties:
- Google: via the reCaptcha at the bottom of the monthly newsletter sign-up form.
- Social Networks when You follow Us on Our official pages in Social Networks.
a) Login data: Google reCaptcha
In order to preserve the security of the contact form, to prevent its misuse by stopping bots (automatic software) and to protect Us against spam, We use the Google reCAPTCHA service before submitting the form. In accordance with Art. 6 para. 1, p. 1, lit. f GDPR, it protects Our legitimate interest regarding the security of Our website against misuse as well as for an optimal presentation of Our online presence.
Google reCAPTCHA is an offer of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter "Google").
Google reCAPTCHA uses a code embedded on the website, called JavaScript, as part of the verification methods for analyzing Your use of the website, such as cookies. The automatically collected information about Your use of this website, including your IP address, is usually transmitted, and stored on a Google server in the United States.
Personal data is neither read nor stored in the input fields of the corresponding form. Further information on Google's data protection policies can be found at www.google.com/policies/privacy
III. With whom do we share Your Data?
1. Recipients of Your Data
We share Your Data with Our Data Processors, the developer, or the Cloud where the Site is hosted.
Your Data never leaves the European Economic Area.
a) The Cloud where our Site is hosted: OVH
The Site is hosted by:
OVH SAS,
2, rue Kellermann,
59100 Roubaix.
Registered RCS of Lille Métropole under number 537 407 926
OVH has given the Foundation all the guarantees in terms of security and data protection.
b) The developer of the Site: Passerelle
100 Boulevard Sébastopol 75003 PARIS
Passerelle has provided the Foundation with all the guarantees in terms of organizational and technical measures ensuring the protection and security of users ‘data of the Site: secure and logical access controls to premises following a reinforced password policy, in accordance with the recommendations of the CNIL and ANSSI of October 2022.
c) Social networks
The Foundation allows You to follow Us through Our official pages in Social Networks. Therefore, We have implemented different buttons, each one corresponding to the Social Network concerned:
- Facebook
- Instagram
- Twitter
- Dailymotion
LinkedIn
The Foundation cannot control the use that is made of Your Data by Social Networks when You are redirected to their sites and can therefore not be held responsible for misuse on their part. We strongly recommend that You carefully read the Privacy Policies or Cookies Policies of each one of the Social Networks to be able to know the use that is made of Your Data and how to exercise Your rights.
(1) Meta: Facebook and Instagram buttons
Our Site has implemented a link to Our Facebook page to allow You to know the actions We take, to see the photos that are published there, etc. Visiting Our Facebook page requires You to have an account in the social network. From the moment You are redirected to the Facebook page, Meta Inc. becomes the controller of your data.
Meta Inc. is an Independent Controller because it alone decides which data to collect, the purposes of the processing of Your data and You will have to contact Facebook to exercise your rights.
Further information on how Meta Inc. processes personal data, including the legal basis on which Meta relies and the means available to data subjects to exercise their rights against Meta Inc. can be found in Facebook Ireland's Data Policy available at https://www.facebook.com/about/privacy.
(2) X button
Our Site has implemented a link to Our X page to allow You to know the actions We take, to see the photos that are published there, etc. In this case, Twitter is considered an Independent Controller. Indeed, X collects Your Data as soon as You are redirected to Our pages, it decides what data to collect, the purposes of the processing of Your data and You will have to contact Twitter to exercise your rights.
Further information on how X processes personal data, including the legal basis on which Twitter relies as well as the means available to data subjects to exercise their rights against Twitter, can be found in X's Data Policy available at https://twitter.com/en/privacy .
(3) Dailymotion button
Our Site has implemented a link to Our Dailymotion page to allow You to view Our Videos on Our official page in Dailymotion. In this case, Dailymotion is considered as an Independent Controller. Indeed, Dailymotion collects Your Data as soon as You are redirected to Our pages containing Our videos, it decides what data to collect, the purposes of the processing of Your data and You will have to contact Dailymotion to exercise your rights.
Further information on how Dailymotion processes personal data, including the legal basis on which Dailymotion relies as well as the means available to data subjects to exercise their rights against Dailymotion, can be found in Dailymotion's Data Use Policy available at https://www.dailymotion.com/legal/privacy?localization=fr.
d) LinkedIn button
Our Site has implemented a link to Our LinkedIn page to follow Us and know articles or posts relating to the Foundation’s matters. In this case, LinkedIn is considered an Independent Controller. Indeed, LinkedIn collects Your Data as soon as You are redirected to Our pages, it decides what data to collect, the purposes of the processing of Your data and You must contact LinkedIn to exercise your rights.
Further information on how LinkedIn processes personal data, including the legal basis on which LinkedIn relies as well as the means available to data subjects to exercise their rights against LinkedIn, can be found in Dailymotion's Data Policy available at https://www.linkedin.com/legal/privacy-policy .
e) Emailing software: Brevo
When You send Us the contact form, the sending is carried out by:
Brevo SAS
106 boulevard Haussmann
75008 Paris, France
RCS of Paris number: 498 019 298
Brevo has provided the Foundation with all the guarantees relating to the protection and security of Your Data, including: the use of a multi-level firewall as well as an antivirus of proven reputation in the detection of intrusion attempts, the encrypted transmission of data using SSL/https/VPN technology, the storage of data in Tier III and PCI DSS certified Data Centers. Brevo has appointed a Data Protection Officer.
IV. Retention of Your Data
We have implemented the principle of minimization of Your Data and We keep them only for the time necessary to accomplish the Purposes described herein.
We keep Your Data for a period of 3 years after the last contact between You and Us or until You have withdrawn Your Consent or requested the deletion of Your Data.
Once the 3-year period has expired, We securely delete Your Data and ask Our Data Processors to do so.
V. What are Your rights and how can You exercise them?
IV.1 Your rights
In accordance with the applicable regulations related to the protection of Personal Data, and in particular Law No. 78/17 on data processing, files and freedoms as amended in June 2018, and Regulation (EU) 2016/679, You have the rights of access, deletion, limitation of processing, rectification, objection and portability of Your Data, in accordance with Articles 15 to 21 of the GDPR.
You may also request not to be subject to automated decision-making, including profiling, in accordance with Article 22 of the GDPR.
IV.2 How can You exercise them?
You can exercise Your rights by sending an email clearly describing your request to: contact@fondationshoah.org .
We inform You that, in accordance with Article 12 of the GDPR, We may ask You for a copy of a document proving Your identity, in order to verify that Your identity has not been stolen.
Finally, You have the right to lodge a complaint with the Commission Nationale Informatique et Libertés (CNIL) if You consider that We do not respect Your rights.
Part Two: Cookies Policy
I. What is a cookie?
Cookies are small text files or tracers that may be deposited, read and stored when You visit Our Site, on Your fixed or mobile device (computer, tablet, smartphone, television, connected object). It has a unique identifier assigned to Your device and allows the Site to remember Your actions and preferences (such as location, language You use, font size You prefer, and other display preferences) for a specified legal period of time. Thus, You do not need to provide certain information each time You access the Site or navigate from page to page. Cookies can also help Us personalize Your browsing experience. These cookies allow Us to get to know You better, to personalize Your user experience, to recommend You offers and products in line with Your interests and to facilitate Your navigation through the Site.
A. The different types of cookies
There are two main categories of cookies: session cookies and persistent cookies.
Session cookies allow the Site to track Your navigation from one page to another so that You are not asked for the same information previously communicated to the Site. Cookies allow You to browse many pages of the Site quickly and easily. These cookies remain on Your device until you close Your browser, which automatically disappears from these cookies.
Persistent cookies help the Site remember Your information and settings when You visit it in the future. They guarantee to you with a faster and more convenient access.
On Your first visit, the Site is presented in default mode. During Your visit, You select Your preferences, which are remembered for Your next visit to the Site through the use of persistent Cookies.
Persistent cookies are in turn divided into two categories:
1. Our cookies
2. Third Party Cookies
1. Our Cookies
The cookies We issue are used for the purposes described below, subject to your choices resulting from the settings You have personalized in the Consent Management Platform ("CMP"), available on Our Site at the bottom of the page, by clicking on "Cookie Settings".
a) Technical cookies, known as Essential
Technical cookies are used for the proper functioning of the Site. These are essential cookies that cannot be disabled because they are necessary for browsing the Internet and have the following purposes:
o Ensuring the security of the Site
o Allow You with an easy navigation
These cookies are essential for the proper functioning, security of the Site and Your navigation. These cookies do not store any personal data. This is the reason why their state appears as "Always Active".
b) Analytics Cookies: Google Analytics
These cookies allow Us to analyze Your browsing on Our Site, to produce statistics and also to improve Your User experience. The analyses are carried out on anonymised aggregated data.
The Foundation uses Google Analytics to measure the audience of its Site. Since Google is a US company, it transfers Your Data to the United States of America. This is why Your Consent is required. In general, Your Consent will be sought again six (6) months after providing it to our CMP; unless you have removed it in the meantime.
The analytics cookies placed on your device measure the performance of the Site, detect navigation problems, optimize the technical performance of the Site, its ergonomics, estimate the power of the servers necessary for Your navigation, analyze the content consulted and serve to provide Us with anonymous statistical data made from aggregated data.
In general, We keep cookies for a period of 6 months. Anonymous statistics made from analytics cookies are kept for a period of 25 months and are then destroyed.
2. Third-party cookies
Given that the Foundation does not manage cookies deposited by third party sites because We do not deposit their pixels but only redirect links to their sites, including Social Networks, We are not responsible for the use they make of Your Data. We invite You to read their privacy policies and cookie policy to understand the use that is made of Your Data. You can also learn how to disable them by following their instructions.
II. Cookie settings
A. Through Our Consent Platform – CMP (recommended)
Our Site allows YYou to configure the cookies placed on Our Site by clicking on the "Cookie Settings" button of Our banner. You can reconsider Your choices at any time.
B. By configuring Your internet browser
Some internet browsers allow You to set cookies and tracers purpose by purpose, both on Your fixed devices and on Your mobile devices.
On each browser the configuration can be different as well as the vocabulary used.
Depending on the browser You use, You will need to go to "Options", "Preferences" or "Advanced Settings" in order to be able to configure your "Privacy and Security", "Confidentiality" or "Privacy and Security".
Then, You will be able to select, purpose by purpose, the Cookies that You agree to deposit on Your device as well as the Permissions that You give to the Sites (location, images, microphone, virtual reality, etc.).
Example:
Firefox :
- 1. 1. Go to “Settings”
- 2. Click on
- 3. Go to so that you can decide which Data will be erased or manage the permissions You wish to give to the Site.
- 4. You can decide to keep or delete the history of your searches
- 5. Finally, if you go to you can set up the permission you give to each type of data
You can also decide to keep or delete cookies when exiting the browser.
If You wish to have more information on how to correctly configure Your "Privacy and Security" in each one of the main browsers, We invite You to read the recommendations of the CNIL on its website : https://www.cnil.fr/fr/les-conseils-de-la-cnil-pour-maitriser-votre-navigateur
You will find all the explanations to control the cookies and tracers of the browser You use to connect to Our Site.
We are not responsible for the Privacy Policy or the Cookies Policy of browsers and cannot be held responsible for non-compliance with the Applicable Regulations of the Internet browsers You use. We recommend that You read their Cookies Policy and/or Privacy Policy.
Please be aware that the «DoNotTrack" setting proposed
by certain versions of browsers is not always interpreted by all actors as an opposition to tracking by advertising agencies and is therefore not sufficient to reflect Your choice.
C. Storage of Cookies
If You consent to the deposit of Cookies in Your device, they will be kept for a maximum period of six (6) months from their deposit. At the end of this period (or if You have manually deleted Your cookies), Your Consent for the deposit and/or reading of cookies will again be required and You will have to set Your choices again directly by accessing the Cookies Settings
III. Details of Cookies (put the table of Axeptio)